Hello Wayne,

This is related to this article

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200025-9-5-and-newer-AsyncOS-for-Email-Security.html

Essentially what you need to do to restore GUI access (and all other services) is:

lab.example.com (SERVICE)> ifconfig

Currently configured interfaces:
1. Data 2 (192.168.42.43/24 on Data 2: lab.example.com)
2. Management (192.168.42.42/24 on Data 1: ironport1.example.com)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]> edit

Enter the number of the interface you wish to edit.
[]> 1

IP interface name (Ex: "InternalNet"):
[Data 2]>

Would you like to configure an IPv4 address for this interface (y/n)? [Y]>

IPv4 Address (Ex: 192.168.1.2 ):
[192.168.42.43]>

Netmask (Ex: "24", "255.255.255.0" or "0xffffff00"):
[255.255.255.0]>

Would you like to configure an IPv6 address for this interface (y/n)? [N]>

Ethernet interface:
1. Data 1
2. Data 2
[2]>

Hostname:
[lab.example.com]>

Do you want to enable SSH on this interface? [Y]>

Which port do you want to use for SSH?
[22]>

Do you want to enable FTP on this interface? [Y]>

Which port do you want to use for FTP?
[21]>

Do you want to enable Cluster Communication Service on this interface? [N]>

Do you want to enable HTTP on this interface? [N]>

Do you want to enable HTTPS on this interface? [Y]>

Which port do you want to use for HTTPS?
[443]>

Do you want to enable Spam Quarantine HTTP on this interface? [Y]>

Which port do you want to use for Spam Quarantine HTTP?
[80]>

Do you want to enable Spam Quarantine HTTPS on this interface? [N]>

Do you want to enable AsyncOS API (Monitoring) HTTP on this interface? [N]>

Do you want to enable AsyncOS API (Monitoring) HTTPS on this interface? [N]>

Do you want to enable RSA Enterprise Manager Integration on this interface? [N]>

1. ldaps_cert
2. delivery_cert
3. receiving_cert
4. https_cert
5. Demo
Please choose the certificate to apply:
[4]> 5

You may use "Demo", but this will not be secure.
Do you really wish to use the "Demo" certificate? [N]> Y

Do you want Data 2 as the default interface for your Spam Quarantine? [N]>

You have edited the interface you are currently logged into. Are you sure you want to change it? [Y]>

Currently configured interfaces:
1. Data 2 (192.168.42.43/24 on Data 2: lab.example.com)
2. Management (192.168.42.42/24 on Data 1: ironport1.example.com)

Choose the operation you want to perform:
- NEW - Create a new interface.
- EDIT - Modify an interface.
- GROUPS - Define interface groups.
- DELETE - Remove an interface.
[]>

///

lab.example.com (SERVICE)> destconfig

There is currently 1 entry configured.

Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]> setup

1. ldaps_cert
2. delivery_cert
3. receiving_cert
4. https_cert
5. Demo
Please choose the certificate to apply:
[2]> 5

You may use "Demo", but this will not be secure.
Do you really wish to use the "Demo" certificate? [N]> Y

Do you want to send an alert when a required TLS connection fails? [N]>

There is currently 1 entry configured.

Choose the operation you want to perform:
- SETUP - Change global settings.
- NEW - Create a new entry.
- DEFAULT - Change the default.
- LIST - Display a summary list of all entries.
- DETAIL - Display details for one destination or all entries.
- IMPORT - Import tables from a file.
- EXPORT - Export tables to a file.
[]>

lab.example.com (SERVICE)> ldap
ldapconfig, ldapflush, ldaptest
lab.example.com (SERVICE)> ldapconfig

Current LDAP server configurations:
1. AD: (192.168.1.82,192.168.1.21,192.168.1.60,192.168.1.62:389)
2. ISQ: (192.168.1.82:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
- ADVANCED - Configure advanced LDAP queries.
[]> setup

Choose the IP interface for LDAP traffic.
1. Auto
2. Data 2 (192.168.42.43/24: lab.example.com)
3. Management (192.168.42.42/24: ironport1.example.com)
[1]>

LDAP will determine the interface automatically.

Should group queries that fail to complete be silently treated as having negative results? [Y]>

1. ldaps_cert
2. delivery_cert
3. receiving_cert
4. https_cert
5. Demo
Please choose the certificate to apply:
[1]> 5

You may use "Demo", but this will not be secure.
Do you really wish to use the "Demo" certificate? [N]> Y

Current LDAP server configurations:
1. AD: (192.168.1.82,192.168.1.21,192.168.1.60,192.168.1.62:389)
2. ISQ: (192.168.1.82:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
- ADVANCED - Configure advanced LDAP queries.
[]>

lab.example.com (SERVICE)>

///

lab.example.com (SERVICE)> ldapconfig

Current LDAP server configurations:
1. AD: (192.168.1.82,192.168.1.21,192.168.1.60,192.168.1.62:389)
2. ISQ: (192.168.1.82:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
- ADVANCED - Configure advanced LDAP queries.
[]> setup

Choose the IP interface for LDAP traffic.
1. Auto
2. Data 2 (192.168.42.43/24: lab.example.com)
3. Management (192.168.42.42/24: ironport1.example.com)
[1]>

LDAP will determine the interface automatically.

Should group queries that fail to complete be silently treated as having negative results? [Y]>

1. ldaps_cert
2. delivery_cert
3. receiving_cert
4. https_cert
5. Demo
Please choose the certificate to apply:
[1]> 5

You may use "Demo", but this will not be secure.
Do you really wish to use the "Demo" certificate? [N]> Y

Current LDAP server configurations:
1. AD: (192.168.1.1:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
- SETUP - Configure LDAP options.
- ADVANCED - Configure advanced LDAP queries.
[]>

lab.example.com (SERVICE)> listenerconfig

Currently configured listeners:
1. IncomingMail (on Data 2, 192.168.42.43) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: IncomingMail
Type: Public
Interface: Data 2 (192.168.42.43/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: ldapaccept (AD.accept)

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
[]> certificate

1. ldaps_cert
2. delivery_cert
3. receiving_cert
4. https_cert
5. Demo
Please choose the certificate to apply:
[3]> 5

You may use "Demo", but this will not be secure.
Do you really wish to use the "Demo" certificate? [N]> Y

Name: IncomingMail
Type: Public
Interface: Data 2 (192.168.42.43/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: ldapaccept (AD.accept)

Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
- LDAPACCEPT - Configure an LDAP query to determine whether a recipient address should be accepted or bounced/dropped.
[]>

Currently configured listeners:
1. IncomingMail (on Data 2, 192.168.42.43) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>
---

Regards,

Matthew