topic Re: Cannot Open ASDM in Network Security

Cannot Open ASDM

dancumming — Mon, 11 Mar 2019 20:09:58 GMT

Good afternoon,

We are running a Cisco ASA 5510 in our district. We have been using it for about a year and a half after an upgrade from our PIX. I have been using the CLI to manage it but I wanted to start using the ASDM. I installed the ASDM Launcher last Friday but could not access it. I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access. On Friday I was unable to launch the ASDM. I then downgraded Java. I came in this morning and was able to connect through the launcher. However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages. I then closed the ASDM but could not reconnect after that. When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset". When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed". I'm not sure why I can't connect. Any help would be appreciated. Thank you!

Java Version 1.5.0 (build 1.5.0_14-b03)

Cisco ASDM Launcher v1.5(20)

Bordentown-PIX# show version

Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)

Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"

Bordentown-PIX up 1 year 209 days

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode   : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 0021.a0af.d9e2, irq 9
1: Ext: Ethernet0/1         : address is 0021.a0af.d9e3, irq 9
2: Ext: Ethernet0/2         : address is 0021.a0af.d9e4, irq 9
3: Ext: Ethernet0/3         : address is 0021.a0af.d9e5, irq 9
4: Ext: Management0/0       : address is 0021.a0af.d9e6, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Standby
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : 150

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1305L2YF
Running Activation Key: 0xa83ec371 0xbc981d82 0x18c1251c 0xabb850fc 0x80023795
Configuration register is 0x1
Configuration last modified by enable_15 at 08:44:08.343 UTC Mon Mar 21 2011
Bordentown-PIX# dir

Directory of disk0:/

5      -rw- 5548032     00:06:12 Jan 01 2003 asa708-k8.bin
683    drw- 0           07:54:54 Jan 31 2009 crypto_archive
685    -rw- 6163744     07:57:46 Jan 31 2009 asdm-508.bin

255426560 bytes total (243621888 bytes free)
Bordentown-PIX# sh asdm image
Device Manager image file, disk0:/asdm-508.bin

Dan

Re: Cannot Open ASDM

PAUL GILBERT ARIAS — Mon, 21 Mar 2011 16:51:07 GMT

have you tried from another PC or laptop? This really seems to be a java problem.

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 17:40:18 GMT

Tried updating my Java version and a different computer. Same result. Using the ASDM launcher I get the following error on the first attempt. The attempts after that I recieve the connection reset error.

Unable to launch ASDM from 172.16.5.1:

Connection reset by peer: socket write error

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 17:41:48 GMT

Not sure that I understand what you are saying by "I assigned an IP address to the interface". Wouldnt that be already there because you have been using the device for awhile? What is the name you gave to that interface? You should already have an inside correct?

Also you don't need to put the "/admin" at the end of the URL. Only if you enabled SSL termination on the inside interface would you need that.

Sent from Cisco Technical Support iPhone App

Re: Cannot Open ASDM

PAUL GILBERT ARIAS — Mon, 21 Mar 2011 17:44:49 GMT

what is the IP of the ASA that you are trying to connect? Can you share the show run http?

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 17:45:52 GMT

You are correct, the interface already had an address. Sorry, my wording was a little confusing. The interface is ethernet0/1 and it is inside. I was using /admin as I saw it on another post but I have tried it without. It still gives me a "Internet Explorer cannot display the webpage" error.

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 17:47:14 GMT

The IP is 172.16.5.1

Bordentown-PIX# show run http
http server enable
http 172.16.0.0 255.255.255.255 inside
http 172.16.1.41 255.255.255.255 inside
http 172.16.1.200 255.255.255.255 inside
http 172.16.1.11 255.255.255.255 inside
http 172.16.1.53 255.255.255.255 inside
http 172.16.4.183 255.255.255.255 inside
http 172.16.1.226 255.255.255.255 inside

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 17:51:43 GMT

Did you do http or https? Http will not work unless you have port redirection configured. Must use https://

Try that..

Sent from Cisco Technical Support iPhone App

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 17:53:18 GMT

Yes, I have been using https. I have tried both of the following

https://172.16.5.1

https://172.16.5.1/admin/

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 17:57:29 GMT

What host IP address are you coming from? In the list the top one shows a host mask for the 172.16.0.0 network and the rest are host addresses.

Did you mean to put a 172.16.0.0 255.255.0.0 inside for that line?

Sent from Cisco Technical Support iPhone App

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 18:06:42 GMT

The host I am coming in from is 172.16.4.183. Do I need to change that entry?

Re: Cannot Open ASDM

PAUL GILBERT ARIAS — Mon, 21 Mar 2011 18:09:29 GMT

your IP is already allowed. have you tried rebooting the ASA?

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 18:12:41 GMT

Try the reboot.. Sometimes in the older code, ASDM does not take effect untill there is a reboot of the device. Just something I have run into..

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 18:21:11 GMT

Just tried the reboot, no luck.

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 18:24:28 GMT

Pls post the configuration and the dir outputs..

Re: Cannot Open ASDM

PAUL GILBERT ARIAS — Mon, 21 Mar 2011 18:24:32 GMT

silly question. can you ping the ASA from your PC?

Have tried connecting from another interface or from a host on the same subnet as the inside interface? remember to allow http access for the IPs you source the tests.

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 18:31:04 GMT

Paul, not a silly question since it is behaving like I wouldn't be able to ping the address!

But yes, I am able to ping the address of the ASA

Bordentown-PIX# dir

Directory of disk0:/

5      -rw- 5548032     00:06:12 Jan 01 2003 asa708-k8.bin
683    drw- 0           07:54:54 Jan 31 2009 crypto_archive
685    -rw- 6163744     07:57:46 Jan 31 2009 asdm-508.bin

255426560 bytes total (243621888 bytes free)

Bordentown-PIX# show run
: Saved
:
ASA Version 7.0(8)
!
hostname Bordentown-PIX
domain-name bordentown.k12.nj.us
enable password A8EW9svYyTEcA4Ua encrypted
passwd A8EW9svYyTEcA4Ua encrypted
no names
name 172.16.1.41 BRSDPROXY
name 172.16.1.253 Voice_conf
name 208.39.161.68 Voice_conf_out
name 172.16.1.8 bordentownfs2
name 172.16.1.43 btprx
name 172.16.1.6 pri_ComCastMail
name 172.16.1.201 pri_bordentodell1
name 172.16.1.22 pri_brvstream
name 172.16.1.26 pri_remoteacc
name 172.16.1.200 pri_service_2
name 208.39.161.70 pub_ComCastMail
name 208.39.161.67 pub_bordentdell1

name 208.39.161.73 pub_bordentownfs2
name 208.39.161.72 pub_brvstream
name 208.39.161.76 pub_bsdinfosys
name 208.39.161.74 pub_remoteacc
name 208.39.161.69 pub_service_2
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 208.39.161.66 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.5.1 255.255.0.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
object-group service wwww tcp
port-object eq www
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq 8002 any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq domain any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq www any
access-list inside_access_in extended permit tcp host 172.16.1.135 eq https any
access-list inside_access_in extended permit tcp host 172.16.1.135 eq www any
access-list acl_in extended permit icmp any any
access-list acl_out extended permit icmp any any
access-list acl_out extended permit ip host 172.16.1.22 any
access-list acl_out extended permit ip host 172.16.1.43 any
access-list acl_out extended permit ip host 172.16.1.201 any
access-list acl_out extended permit ip host 172.16.1.51 any
access-list acl_out extended permit ip host 172.16.1.52 any
access-list acl_out extended permit ip host 172.16.1.53 any
access-list acl_out extended permit tcp any host 208.39.161.72 eq www
access-list acl_out extended permit ip host 172.16.1.226 any
access-list acl_out extended permit ip host 172.16.1.242 any
access-list acl_out extended permit ip host 172.16.1.1 any
access-list acl_out extended permit ip host 172.16.2.9 any
access-list acl_out extended permit ip host 172.16.1.6 any
access-list acl_out extended permit ip host 172.16.1.8 any
access-list acl_out extended permit ip host 172.16.1.35 any
access-list acl_out extended permit ip host 172.16.1.41 any
access-list acl_out extended permit ip host 172.16.1.230 any
access-list acl_out extended permit ip host 172.16.1.231 any
access-list acl_out extended permit ip host 172.16.1.200 any
access-list acl_out extended permit ip host 172.16.1.48 any
access-list acl_out extended permit ip host 172.16.1.24 any
access-list acl_out extended permit ip host 172.16.1.26 any
access-list acl_out extended permit ip host 172.16.1.250 any
access-list acl_out extended permit ip host 172.16.3.36 any
access-list acl_out extended permit ip host 172.16.4.110 any
access-list acl_out extended permit ip host 172.16.1.240 any
access-list acl_out extended permit ip host 172.16.1.229 any
access-list acl_out extended permit ip host 192.168.0.2 any
access-list acl_out extended permit ip host 172.16.1.241 any
access-list acl_out extended permit ip host 172.16.1.221 any
access-list acl_out extended permit ip host 172.16.1.222 any
access-list acl_out extended permit ip host 172.16.1.223 any
access-list acl_out extended permit ip host 172.16.1.224 any
access-list acl_out extended permit ip host 172.16.1.225 any
access-list acl_out extended permit ip host 172.16.1.227 any
access-list acl_out extended permit ip host 172.16.1.228 any
access-list acl_out extended permit ip host 172.16.1.232 any
access-list acl_out extended permit ip host 172.16.1.233 any
access-list acl_out extended permit ip host 172.16.1.234 any
access-list acl_out extended permit ip host 172.16.1.235 any
access-list acl_out extended permit ip host 172.16.1.243 any
access-list acl_out extended permit ip host 172.16.2.118 any
access-list acl_out extended permit ip host 172.16.1.130 any
access-list acl_out extended permit ip host 172.16.1.131 any
access-list acl_out extended permit ip host 172.16.1.132 any
access-list acl_out extended permit ip host 172.16.1.7 any
access-list acl_out extended permit ip host 172.16.1.202 any
access-list acl_out extended permit ip host 192.168.0.3 any
access-list acl_out extended permit ip host 172.16.2.177 any
access-list acl_out extended permit ip host 172.16.1.253 any
access-list acl_out extended permit ip host 172.16.1.14 any
access-list acl_out extended permit tcp any host 172.16.3.135 eq 5806
access-list acl_out extended permit tcp any host 172.16.1.31 eq ssh
access-list acl_out extended permit ip host 172.16.5.17 any
access-list acl_out extended permit ip host 172.16.5.18 any
access-list acl_out extended permit ip host 172.16.1.135 any
access-list dns extended permit udp any any
access-list dnstcp extended permit tcp any any
access-list dmz_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 208.39.161.73 eq www
access-list outside_acl extended permit tcp any host 208.39.161.70 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.70 eq pop3
access-list outside_acl extended permit tcp any host 208.39.161.70 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 444
access-list outside_acl extended permit icmp any any
access-list outside_acl extended permit tcp any host 208.39.161.70 eq www
access-list outside_acl extended permit tcp any host 208.39.161.70 eq ssh
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.70 eq irc
access-list outside_acl extended permit tcp any host 208.39.161.72 eq www
access-list outside_acl extended permit tcp any host 208.39.161.74 eq www
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 8080
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1755
access-list outside_acl extended permit tcp any host 208.39.161.73 eq 3101
access-list outside_acl extended permit tcp any host 208.39.161.73 eq www
access-list outside_acl extended permit tcp any host 208.39.161.67 eq www
access-list outside_acl extended permit tcp any host 208.39.161.68 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.68 eq www
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 407
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1417
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1418
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1419
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1420
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1417
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1418
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1419
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1420
access-list outside_acl extended permit udp any host 208.39.161.76 eq 407
access-list outside_acl extended permit tcp any host 208.39.161.76 eq https
access-list outside_acl extended permit tcp any host 208.39.161.76 eq www
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 7880
access-list outside_acl extended permit tcp any host 208.39.161.76 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 8080
access-list outside_acl extended permit udp any host 208.39.161.76 eq 8080
access-list outside_acl extended permit udp any host 208.39.161.72 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.72 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 444
access-list outside_acl extended permit udp any host 208.39.161.76 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.76 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.70 eq https
access-list outside_acl extended permit udp any host 208.39.161.72 eq www
access-list outside_acl extended permit udp any host 208.39.161.70 eq 443
access-list outside_acl extended permit tcp any host 208.39.161.66 eq https
access-list outside_acl extended permit udp any host 208.39.161.66 eq 443
access-list outside_acl extended permit tcp any host 208.39.161.75 eq smtp
access-list outside_acl extended permit udp any host 208.39.161.75 eq 25
access-list outside_acl extended permit tcp any host 208.39.161.66 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.68 eq https
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 81
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 6891
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5641
access-list outside_acl extended permit udp any host 208.39.161.67 eq 5641
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4550
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 5550
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2512
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2513
access-list outside_acl extended permit tcp any host 208.39.161.72 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1702
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1702
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 210
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 7090
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5151
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 210
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 7090
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 5151
access-list outside_acl extended permit tcp any host 208.39.161.68 eq h323
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 555
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 556
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 1718
access-list outside_acl extended permit udp any host 208.39.161.68 eq 1719
access-list outside_acl extended permit tcp any host 208.39.161.71 eq https
access-list outside_acl extended permit tcp any host 208.39.161.69 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.69 eq pop3
access-list outside_acl extended permit tcp any host 208.39.161.69 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.69 eq www
access-list outside_acl extended permit tcp any host 208.39.161.69 eq citrix-ica

access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1604
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1023
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1431
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 8081
access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp
access-list outside_acl extended permit tcp any host 208.39.161.75 eq ftp
access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp-data
access-list outside_acl extended permit tcp any host 172.17.1.103 eq smtp
access-list outside_acl extended permit tcp any host 172.17.1.103 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.65 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.66 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.66 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.66 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 5806
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 5806
access-list outside_acl extended permit udp any host 208.39.161.65 eq 5806
access-list outside_acl extended permit udp any host 208.39.161.75 eq 5806
access-list outside_acl extended permit tcp any host 208.39.161.71 eq ssh
pager lines 24
logging list high-priority level errors
logging asdm informational
logging from-address administrator@bordentown.k12.nj.us
logging recipient-address administrator@bordentown.k12.nj.us level errors
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
no failover
asdm image disk0:/asdm-508.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (outside) 2 208.39.161.73 netmask 255.255.255.255
nat (inside) 3 172.16.1.7 255.255.255.255
nat (inside) 1 172.16.0.0 255.255.0.0
nat (inside) 1 172.17.0.0 255.255.0.0
nat (DMZ) 1 192.168.0.0 255.255.255.0
static (inside,outside) 208.39.161.74 172.16.1.26 netmask 255.255.255.255
static (inside,outside) 208.39.161.75 172.16.1.43 netmask 255.255.255.255
static (inside,outside) 208.39.161.67 172.16.1.201 netmask 255.255.255.255
static (inside,outside) 208.39.161.72 172.16.1.22 netmask 255.255.255.255
static (inside,outside) 208.39.161.69 172.16.1.200 netmask 255.255.255.255
static (inside,outside) 208.39.161.76 172.16.1.242 netmask 255.255.255.255
static (inside,outside) 208.39.161.70 172.16.1.6 netmask 255.255.255.255
static (inside,outside) 208.39.161.73 172.16.1.8 netmask 255.255.255.255
static (inside,outside) 208.39.161.68 172.16.1.35 netmask 255.255.255.255
static (inside,outside) 208.39.161.71 172.16.1.31 netmask 255.255.255.255
access-group outside_acl in interface outside
route outside 0.0.0.0 0.0.0.0 208.39.161.66 1
route inside 172.30.0.0 255.255.0.0 172.16.6.1 1
route inside 172.17.0.0 255.255.0.0 172.16.6.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.0 255.255.255.255 inside
http 172.16.1.41 255.255.255.255 inside
http 172.16.1.200 255.255.255.255 inside
http 172.16.1.11 255.255.255.255 inside
http 172.16.1.53 255.255.255.255 inside
http 172.16.4.183 255.255.255.255 inside
http 172.16.1.226 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 208.39.161.65 255.255.255.255 inside
telnet 208.39.161.64 255.255.255.252 inside
telnet 172.16.0.0 255.255.0.0 inside
telnet 208.39.161.65 255.255.255.255 DMZ
telnet 208.39.161.64 255.255.255.252 DMZ
telnet timeout 30
ssh 63.214.17.0 255.255.255.0 outside
ssh 68.44.187.221 255.255.255.255 outside
ssh 65.217.171.0 255.255.255.0 outside
ssh 68.81.65.0 255.255.255.0 outside
ssh timeout 45
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect rsh
inspect rtsp
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect http
inspect ils
inspect ftp
!
service-policy global_policy global
smtp-server 172.16.1.6
Cryptochecksum:0bc9058beb1969b07b6667f008edaee4
: end

Re: Cannot Open ASDM

tj.mitchell — Mon, 21 Mar 2011 18:36:43 GMT

I would take out the line "http 172.16.0.0 255.255.255.255 inside" as this is incorrect.

Add the line "http 172.16.0.0 255.255.0.0 inside"

Then write it..

Re: Cannot Open ASDM

dancumming — Mon, 21 Mar 2011 18:40:53 GMT

I agree, that command looks incorrect. I just made the change but it didn't help.

Re: Cannot Open ASDM

Shrikant Sundaresh — Mon, 21 Mar 2011 19:17:15 GMT

Hey Dan,

Could you please try "no http server enable" and then "http server enable" again.

Sometime this is what would be causing the issue.

Secondly, if this doesn't work, if there is very little traffic passing through the device, you might wanna try "debug http" ("un all" to stop), and see the output generated when you try accessing ASDM.