topic Re: Unable to launch ASDM in Network Security

Unable to launch ASDM

Peter Boerjesson — Fri, 21 Feb 2020 16:25:37 GMT

Seeking guidance since I have not been able to resolve this problem. I can SSH to the firewall without any problems. The firewall (ASA 5520) is currently running 8.4(3).3 and I've tried with ASDM images asdm-647.bin and asdm-781-150.bin

# dir disk0:

Directory of disk0:/

96 -rwx 8312832 07:33:12 Nov 28 2007 asa722-k8.bin
98 -rwx 25196544 15:28:06 Mar 30 2012 asa843-3-k8.bin
97 -rwx 5623108 07:35:06 Nov 28 2007 asdm-522.bin
94 -rwx 17902288 15:37:50 Mar 30 2012 asdm-647.bin
106 -rwx 26916144 14:40:49 Oct 30 2018 asdm-781-150.bin

# show asdm image
Device Manager image file, disk0:/asdm-781-150.bin

# sh run ssh
ssh 10.0.0.0 255.0.0.0 PtpFW
ssh timeout 15
ssh version 2
# sh run http
http server enable
http 10.0.0.0 255.0.0.0 PtpFW

I've verified the md5 sum on asdm version 781-150 and it's correct. I've fiddled around with trustpoint which I usually don't do cause it tends to work without me doing anything with it. Anyway I have a specific trustpoint for the management interface. I'm trying to access the same IP address for ASDM which is not working as SSH which is working. So I'm starting to get kind of clueless for what I should try. I know the code is old but there's not much I can do about that at this moment.

I can use ASDM on my client to connect to other firewalls so I know that's not an issue on the client side, it is just this one firewall. Any hints on show or debug commands I can use to resolve this issue?

Thankful for any hints or tips

//Peter

Re: Unable to launch ASDM

Marvin Rhoads — Thu, 01 Nov 2018 11:05:03 GMT

I assume you've verified the 3DES-AES license in on the unit. Also check "show run ssl".

Have you tried capturing the Java console output when you try to connect?

Another things that's sometimes useful is to do a packet capture. If there's an SSL negotiation failure (ASDM uses your Java SSL libraries), that's usually pretty good at highlighting where it happens.

Re: Unable to launch ASDM

Peter Boerjesson — Thu, 01 Nov 2018 13:36:06 GMT

Hi,

I compared "show run all ssl" between a firewall that worked and one the one I have problems with.

The one that worked:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

The one that didn't work:

ssl encryption des-sha1 rc4-md5

So I added the aes ciphers and then everything started to work. I guess it was a problem of which cihpers where allowed. The really strange thing though is that when I debugged the firewall previously it said it had agreed on 2 ciphers which both the client and firewall agreed on. I guess for one reason or another the ones they agreed upon wasn't allowed by java or something similar, anyway it works now, thank you marvin for pointing me in the "ssl" direction of the config.

//Peter