cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
35788
Views
26
Helpful
21
Replies

ASDM was unable to load the firewall's configuration

andrews_steven
Level 1
Level 1

Hey all,

 

I have been working with a cisco ASA 5506-x base license, version details below:

 

Cisco Adaptive Security Appliance Software Version 9.8(2)38
Firepower Extensible Operating System Version 2.2(2.90)
Device Manager Version 7.9(2)152

 

I have configured the FirePower module to have an IP of 10.200.30.253, LAN interface to have IP of 10.200.30.254 and my own laptop to have an IP of 10.200.30.10. I can ping both the LAN and FirePower interfaces without issues. I can also navigate to both in a browser.

 

When I try and connect to 10.200.30.254 with the FirePower module running and connected I get an error: "ASDM was unable to load the firewall's configuration...." I have done some searching and people have suggested Java Versions, ASDM versions, FirmWare versions, but I do not seem o be able to get this resolved. Only thing I have not tried is using a Win7 32bit OS which one forum suggested.

 

Java version I am running is Java 8 Update 181 32 bit.

 

Spoke to TAC but unfortunately I have no support contract and they are not interested in providing any assistance without this even though I suspect a bug.

 

If I disconnect or shutdown the FirePower module ASDM works fine, except obviously I then cannot configure the FirePower module.

 

ASDM.jpgASDM2.jpg

Thank you,

Steven

2 Accepted Solutions

Accepted Solutions

johnlloyd_13
Level 9
Level 9

hi,

what's your MGMT 1/1 interface config (show run int m1/1) and firepower version (show module)?

could you also post a sanitized show run output?

there were reported issues with ASDM running on windows 10 (mine seem doesn't).

try ASDM in windows 7 instead.

View solution in original post

Hi John,

 

I just spun up a Win7 VM and it works perfectly. Bit of a crapy workaround but it will do.

 

Think versions 6.0 might be outdated information. See: https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html

 

It says 5.4.1+ I will definitely be updating this though but just want it working first :P.

 

I am in two mindsets here, I don't really want to mark this as resolved because to me its not and Win7 is a really poor solution to this. But I am going to because I know this will not be fixed anytime soon.

 

Thank you for your help.

View solution in original post

21 Replies 21

johnlloyd_13
Level 9
Level 9

hi,

what's your MGMT 1/1 interface config (show run int m1/1) and firepower version (show module)?

could you also post a sanitized show run output?

there were reported issues with ASDM running on windows 10 (mine seem doesn't).

try ASDM in windows 7 instead.

Hey John,

 

I have provided the output below. Reason I was avoiding configuring a Win7 Machine/VM is I just find this wildly insane. If it is my only option then that's what I will do but, but would like to try and resolve it first.

 

BRISFRWP01# show run int management 1/1
!
interface Management1/1
management-only
no nameif
no security-level
no ip address

 

BRISFRWP01# show run int g1/1
!
interface GigabitEthernet1/1
nameif WAN
security-level 0
ip address 203.220.43.154 255.255.255.252

 

 

BRISFRWP01# show modul

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
1 ASA 5506-X with SW, 8GE Data, 1GE Mgmt, AC ASA5506 JAD2034044J
sfr FirePOWER Services Software Module ASA5506 JAD2034044J

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 00a6.cacc.a813 to 00a6.cacc.a81c 1.1 1.1.8 9.8(2)38
sfr 00a6.cacc.a812 to 00a6.cacc.a812 N/A N/A 5.4.1-211

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.1-211

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Up Up

hi,

your firepower module (sfr) is on 5.4.1 image. you'll need to be at least on 6.0 for ASDM support/compatibility.

see helpful link:

http://wannabecybersecurity.blogspot.com/2018/09/cisco-asa-5506w-x-software-image-upgrade.html

Hi John,

 

I just spun up a Win7 VM and it works perfectly. Bit of a crapy workaround but it will do.

 

Think versions 6.0 might be outdated information. See: https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html

 

It says 5.4.1+ I will definitely be updating this though but just want it working first :P.

 

I am in two mindsets here, I don't really want to mark this as resolved because to me its not and Win7 is a really poor solution to this. But I am going to because I know this will not be fixed anytime soon.

 

Thank you for your help.

@johnlloyd_13 

 

The ASA 5506, 5508 and 5516-X all supported the Firepower service module and ASDM management as of Firepower 5.4.1. Support was introduced for all ASA 5500-X series as of 6.0. Notwithstanding that, people should generally be running the latest version (6.2.3.5 as of this posting).

 

@andrews_steven

 

You can definitely manage an ASA with Firepower service module via ASDM on a Windows 10 PC. I do it all the time.

 

The #1 biggest issue (assuming the ASA is setup correctly) is the Java vetup on the PC. It seems that for every right Java setup that works, there are 10 that don't. There's so much variation on how that may be installed on your PC that it's difficult to diagnose remotely.

hi marvin,

noted on that. had a notion everything started and got resolved on 6.0

@Marvin Rhoads

 

Thanks. For sure, I will 100% be updating these. These are just straight out of the box, so during setup I will be updating everything to most recent/most recommended versions after doing a bug check. I bought 2 and on is on 6.x whilst this is on 5.4.1, so different batches. Wanted to be able to get ASDM to work properly first though before moving forward with config and upgrades.

 

As for the Java setup I agree that this should work and I did have it working perfectly for a 5508-X with the same Win 10 machine I was getting issues with the 5506-X, problem starts becoming how much time do I waste trying to resolve it, this is why I created the Win7 VM.

 

To be honest I doubt I will revisit this anytime soon, having a 8GB Win7 VM sitting on my machine is not that big of a deal.

 

There is not any real clear instructions for Cisco on how to setup Java and versions etc, this would be great and save a hell of a lot of time. Even when searching for a solution on this I did not see anything clearly outlined on a fix.

 

This problem is back once again with Windows Server 2019.  I have tried various Java versions 7u51and 7u80  don't work at all.  It loads the asa portion but stalls at the Firepower portion.   I have tried 8u131 and the current 8u211 both 32 and 64 bit.  It is seeing Server 2019 as Server 2016 so my guess is that it is also not compatible with 2016.

ASDM Version 7121

IOS  9.8(2)

sfr ASA FirePOWER Up 6.2.2.1-73

 

Java log:

Caused by: com.teamdev.jxbrowser.chromium.internal.EnvironmentException: Unsupported operating system. Supported OS: Windows XP (SP2), 7, 8, 10, Vista, 2003 (SP1), 2008, 2012, Mac OS X & Linux. Current OS: Windows Server 2016
at com.teamdev.jxbrowser.chromium.internal.Environment.checkEnvironment(Unknown Source)
at com.teamdev.jxbrowser.chromium.internal.WebViewManager.<init>(Unknown Source)
at com.teamdev.jxbrowser.chromium.internal.WebViewManager.<clinit>(Unknown Source)
... 31 more

 

As before it works fine with my Win7 laptop but this is a remote site and I really need this working from this server.

Same problem with Server 2019.  I too need this working.  I remember when this came up years ago.  Truthfully I don't remember the solution then, but it was software related.  

Hey Grant,

 

Solution for me was to just upgrade ASDM and FirePower versions to the latest. We have 3 ASAs and I had issues with two of these until I upgraded.

 

Just go through this process first and if it is still failing contact Cisco TAC.

 

Thank you,

Steven

Thank you sir!  What version did you go with on your ASA's?

I am on 7.9.1.151 and I bet this was fixed with 7.9.2.252.

Which version of ASA, ASDM and Firepower are you using? 

 

I am using ASA 9.9, ASDM 7.13 and Firepower 6.2.3. 

ASDM on Windows 2008 has no problem but encountered problem in Windows 2016. 

The problem was with the firepower.  If you are using ASDM to manage firepower this can be an issue.  What I did was disable the firepower to allow me to get into ASDM and then I set firepower to connect to FMC.  Now ASDM loads the ASA code just fine.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: