cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Firewalls

27733
Views
15
Helpful
19
Replies
Beginner

Cannot open ASA through ASDM but I can open it through SSH

Hi guys

I have a problem right now, in fact I was searching for all the forum and I couldn't find any topic that could help me. Let me explaing you the situation: I got 2 firewalls which are connected as failover, the problem is with the ACTIVE device because I can access through SSH but if I'm trying to open it via ASDM it brings me an error UNABLE TO LAUNCH DEVICE MANAGER FROM X.X.X.X. I'm running the latest version of ASDM 8.2(2)17 in fact we already rewrite the file in the firewall but the problem is still there. And about the other device, I mean the one that is as STANDBY is working fine I'm able to access through ASDM and SSH and we already compare it and both have the same configuration.

So if you have any suggestion I will apreciate it.

Regards

Everyone's tags (9)
19 REPLIES
Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

This document may help you troubleshoot:

https://supportforums.cisco.com/docs/DOC-13012

Things to check are the output of 'show run http', 'show run asdm', 'show flash', and 'show ver'. You can also enable 'debug http', which may provide some insight into what the problem is. Also, you might try connecting from a different PC to rule out any client or Java issues.

If the above document doesn't help, please post the output of all the above commands.

-Mike

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi mirober2

I already check link that you gave but it didn't work, here are the results of the commands

sat320a-asa5520-1# sh run asdm
asdm image disk0:/asdm-634.bin
asdm history enable

sat320a-asa5520-1# sh flash
--#--  --length--  -----date/time------  path
    3  8192        Oct 08 2009 11:00:52  log
   41  4181246     Dec 31 2002 18:08:08  securedesktop-asa-3.2.1.103-k9.pkg
   42  398305      Dec 31 2002 18:08:30  sslclient-win-1.1.0.154.pkg
   10  8192        Apr 16 2009 16:02:20  crypto_archive
   44  14503836    Oct 04 2010 17:30:21  asdm-634.bin
   45  11348300    Oct 08 2009 10:58:52  asdm-621.bin
   11  8192        Oct 08 2009 11:02:16  coredumpinfo
   12  43          Jul 12 2010 05:30:42  coredumpinfo/coredump.cfg
   46  8192        Oct 23 2009 21:05:40  tmp
   47  2118        Feb 27 2010 01:29:44  old_running.cfg
   48  1323        Feb 27 2010 01:29:44  admin.cfg
   49  82759       Oct 04 2010 17:12:06  SAT-VPN.cfg
   50  2177        Oct 01 2010 16:20:10  SAT-VIVA.cfg
   51  16293888    Jul 12 2010 05:29:56  asa821-3-k8.bin
   52  16478208    Oct 01 2010 15:12:10  asa822-17-k8.bin

sat320a-asa5520-1/SAT-VPN# sh run | i http
service-object tcp eq https
service-object tcp eq https
service-object tcp eq https
http server enable
http 189.206.211.0 255.255.255.0 inside
http 189.206.214.0 255.255.255.0 inside

sat320a-asa5520-1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(2)17
Device Manager Version 6.3(4)

Compiled on Wed 26-May-10 19:02 by builders
System image file is "disk0:/asa822-17-k8.bin"
Config file at boot was "startup-config"

sat320a-asa5520-1 up 3 days 19 hours
failover cluster up 220 days 8 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is 0024.9750.3bb8, irq 9
1: Ext: GigabitEthernet0/1  : address is 0024.9750.3bb9, irq 9
2: Ext: GigabitEthernet0/2  : address is 0024.9750.3bba, irq 9
3: Ext: GigabitEthernet0/3  : address is 0024.9750.3bbb, irq 9
4: Ext: Management0/0       : address is 0024.9750.3bb7, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 5        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 750      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has an ASA 5520 VPN Plus license.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

Did you try from another PC in the 189.206.211.0 or 189.206.214.0 subnets? What does the output of 'debug http' show when you try to connect?

-Mike

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi

Well about your question of trying to access from a pc on the network 189.206.211.x well that's where I'm trying to access =S

And I was checking the debug http but it doesn't bring me anything.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi,

Are you using the ASDM launcher to start the ASDM ? Have you tried accessing the GUI by putting the URL in the browser

https://

Thanks,

Namit

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

Yes I already try that but I getting the error of PAGE CANNOT BE DISPLA, any other suggestion?? =(

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

Can you also copy paste the java logs that you get when you start the connection from the ASDM launcher. Click on the 'cup' icon on the right bottom corner of the ASDM launcher where you enter your credentials and press 5 to get the debugs on the screen. Then enter your credentials and try to log into ASDM.

Reagrds,

Rahul

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

Here is the output of the Java

Local Launcher Version = 1.5.50
Local Launcher Version Display = 1.5(50)
OK button clicked
Trying for ASDM Version file; url = https://10.7.9.20/admin/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at com.cisco.launcher.y.a(Unknown Source)
    at com.cisco.launcher.y.if(Unknown Source)
    at com.cisco.launcher.r.a(Unknown Source)
    at com.cisco.launcher.s.do(Unknown Source)
    at com.cisco.launcher.s.null(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Trying for IDM. url=https://10.7.9.20/idm/idm.jnlp/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.cisco.launcher.w.a(Unknown Source)
    at com.cisco.launcher.s.for(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Regards

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

I made a mistake I have the ASDM version 6.3(4)

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Can you give the command " ssl encryption aes128-sha1" on the ASA and try.

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

I already try the command but it didn't work =S and the same log appear on the java console.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Do you have webvpn enabled on the ASA ? Also what is the error when you get when you try to access the GUI via the browser as suggested by Namit ?

Regards

Rahul

Beginner

Re: Cannot open ASA through ASDM but I can open it through SSH

Thanks Rmavila
This command works for me on
ASA 5520
Version 9.1(5)16
ASDM 7.3
Java Version latest
-----------------------------------------------------------
I was having the problem to connect with Asdm and having this logs in JAVA
java.net.SocketException: Connection reset
I tried many things but only work that command
ssl encryption aes128-sha1

Thanks

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi,

Please paste the output of the following command

show bootvar

show asdm image

sh flash

sh run | in http

Thanks,

Namit

CreatePlease to create content
Ask the Expert- Firepower configuration & troubleshooting