topic Re: No access to asdm !?! in Network Security

No access to asdm !?!

mstoitso — Fri, 31 May 2019 06:41:28 GMT

On Monday I was able to run ASDM on my PC but last days it crashed.

So I’m using Java 7 update 79. I added the ip address of the asa to the exception list and imported the ASA certificate into Java as well in trusted root authorities store in windows

This is the current configuration.

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

ciscoasa# sh run ssl

ssl encryption 3des-sha1 aes128-sha1

And the error message is ERR_CERT_AUTHORITY_INVALID

Cisco Adaptive Security Appliance Software Version 9.1(5)16

Each device can ping each other. Firewall switched off

ASDM version 7122.bin

Could please advise how to solve the issue please.

Re: No access to asdm !?!

balaji.bandi — Fri, 31 May 2019 07:34:41 GMT

And the error message is ERR_CERT_AUTHORITY_INVALID

here is the document to fix.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107956-renew-ssl.html

Re: No access to asdm !?!

mstoitso — Fri, 31 May 2019 09:25:12 GMT

Thank you Balaji , i will try the fix and give you feedback. but am I able to renew the certificate without access to asdm ?!

I don't have an access to ASDM at all.

Re: No access to asdm !?!

mstoitso — Fri, 31 May 2019 20:40:41 GMT

I Tried with

crypto ca trustpoint ASDM_TrustPoint0
        keypair CertKey
        id-usage ssl-ipsec 
        fqdn 5540-uwe
        subject-name CN=ASA5540.company.com,OU=LAB,O=Cisco ystems,C=US,St=CA
        enrollment terminal
 crypto ca enroll ASDM_TrustPoint0
ssl trust poin certificate name

but i got an error message

ERROR: Trustpoint not enrolled. Please enroll trustpoint and try again.

then i tried with

Equivalent CLI of the configuration.

ASA5520A(config)#crypto key generate rsa usage-keys label Cert-key modulus 2048 noconfirm

ASA5520A(config)#crypto ca trustpoint My_Certificate

ASA5520A(config-ca-trustpoint)#keypair Cert-Key

ASA5520A(config-ca-trustpoint)# fqdn myvpn.cisco.com

ASA5520A(config-ca-trustpoint)#subject-name CN=myvpn.cisco.com,OU=IT,O="Cisco Systems, Inc",C=US,St=California,L=San Jose,EA=admin@cisco.com

ASA5520A(config-ca-trustpoint)#enrollment terminal

ASA5520A(config)#crypto ca enroll My_Certificate noconfirm

ASA5520A(config)#crypto ca authenticate My_Certificate

ASA5520A(config)#ssl trustpoint outside My_Certificate

but got the same error message

this is the debug from the http 255

HTTP: admin session verified = [0]

HTTP: processing GET URL '/' from host 192.168.80.144

HTTP: processing handoff to legacy admin server [/favicon.ico]

HTTP: admin session verified = [0]

HTTP: processing GET URL '/favicon.ico' from host 192.168.80.144

HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)

the issue is still outgoing.

Re: No access to asdm !?!

mstoitso — Sat, 01 Jun 2019 07:25:31 GMT

I got the asdm idm launcher but i think that i have a compatibility issue.

Just to be sure

Cisco Adaptive Security Appliance Software Version 9.1(5)16

Device Manager Version 7.12(2)

So I can run any asdm version 7.1(6)+ and above ?!

Re: No access to asdm !?!

mstoitso — Sat, 01 Jun 2019 10:22:52 GMT

I got an error massage unable to lauch device menager from ip

I copied all the Java Cryptography Extension files to the java security folde but it didi hot help

I tried with the lates version of java.

java reported

javax.net.ssl.SSLException:failed

the ASA self signed certificate is imported in javatrusted certificates