asdm connection problems

christopher.martin.2 — Tue, 12 Mar 2019 09:15:44 GMT

Hi there,

I am struggling to browse to ASDM which just hangs. See below my current setup though i have tried with other version of ASA and ASDM

ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-771-150.bin
ciscoasa(config)#
ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 9.4(1)
Device Manager Version 7.7(1)150

Compiled on Sat 21-Mar-15 11:43 PDT by builders
System image file is "boot:/asa941-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 14 hours 9 mins

Hardware: ASAv, 2048 MB RAM, CPU Pentium II 3591 MHz,
Internal ATA Compact Flash, 8192MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB

0: Ext: Management0/0 : address is 00a2.56fd.0800, irq 11
1: Ext: GigabitEthernet0/0 : address is 00a2.56fd.0801, irq 11
2: Ext: GigabitEthernet0/1 : address is 00a2.56fd.0802, irq 10
3: Ext: GigabitEthernet0/2 : address is 00a2.56fd.0803, irq 10
4: Ext: GigabitEthernet0/3 : address is 00a2.56fd.0804, irq 11
5: Ext: GigabitEthernet0/4 : address is 00a2.56fd.0805, irq 11
6: Ext: GigabitEthernet0/5 : address is 00a2.56fd.0806, irq 10
7: Ext: GigabitEthernet0/6 : address is 00a2.56fd.0807, irq 10

License mode: Smart Licensing
ASAv Platform License State: Unlicensed
No active entitlement: no feature tier and no throughput level configured

Licensed features for this platform:
Maximum Physical Interfaces : 10 perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Enabled perpetual
Cluster : Disabled perpetual

Licensing mode is Smart Licensing

Serial Number: 9AAF5L9CT3R

Image type : Release
Key version : A

Configuration last modified by enable_15 at 22:39:29.418 UTC Mon Apr 24 2017
ciscoasa(config)#

ciscoasa(config)# show run all ssl
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1.1 all
ssl cipher tlsv1.2 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher dtlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl dh-group group2
ssl ecdh-group group19
ssl certificate-authentication fca-timeout 2
ciscoasa(config)#

%ASA-6-725001: Starting SSL handshake with client outside:10.0.0.2/53428 to 10.0.0.252/443 for TLS session
%ASA-6-725003: SSL client outside:10.0.0.2/53428 to 10.0.0.252/443 request to resume previous session
%ASA-6-725002: Device completed SSL handshake with client outside:10.0.0.2/53428 to 10.0.0.252/443 for TLSv1.2 session
%ASA-6-302014: Teardown TCP connection 63 for outside:10.0.0.2/53425 to identity:10.0.0.252/443 duration 0:00:00 bytes 145 TCP Reset-I
%ASA-6-725007: SSL session with client outside:10.0.0.2/53426 to 10.0.0.252/443 terminated
%ASA-6-302014: Teardown TCP connection 64 for outside:10.0.0.2/53426 to identity:10.0.0.252/443 duration 0:00:00 bytes 384 TCP FINs
%ASA-6-725007: SSL session with client outside:10.0.0.2/53427 to 10.0.0.252/443 terminated
%ASA-6-302014: Teardown TCP connection 65 for outside:10.0.0.2/53427 to identity:10.0.0.252/443 duration 0:00:00 bytes 145 TCP Reset-I

What Java version is

Marvin Rhoads — Tue, 25 Apr 2017 00:31:13 GMT

What Java version is installed on your workstation?

Please open the Java console when attempting to connect and share the outut you get from it.

Hi marvin,

christopher.martin.2 — Wed, 26 Apr 2017 12:49:29 GMT

Hi marvin,

Thankyou for offering to help!

Im using 1.8.0_131-b11.

I enable the java console but it did not open when i initiated a connection to the ASA. On firefox i used the browser console and got below errors

10.0.0.252:443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for ASA Temporary Self Signed Certificate

Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>
<unknown>
TypeError: ownerDoc.location is null content.js:449:7
TypeError: docShell is null

Also, the browser console created jarfile logs with below:

sendAsyncMessage("Browser:CertExceptionError", {
      location: ownerDoc.location.href,
      elementId: targetElement.getAttribute("id"),
      isTopFrame: (ownerDoc.defaultView.parent === ownerDoc.defaultView),
      securityInfoAsString: serializedSecurityInfo
    });
  },

It seems it's not liking the

Marvin Rhoads — Wed, 26 Apr 2017 13:55:56 GMT

It seems it's not liking the ASA self-signed certificate. While I usually generate a permanent vs. temporary one, the latter should work as well.

Depending on your PC settings, you may need to trust the ASA "site" in Java security.

I also notice you have some next generation encryption settings in your SSL. Can you confirm if you created an RSA key to be used for your self-signed certificate? If you don't have that and instead are using an ecdsa key that may be causing the error.

topic It seems it's not liking the in Network Security

asdm connection problems

What Java version is

Hi marvin,

It seems it's not liking the