Solved: Cisco ASA is not accessable on web page for Initial configuratio

karsel508123 · ‎01-07-2013

Hi cisco support,

I would like to request any one from cisco support to help me. Before my senior staffs had configured ASA from CLI and it was implemented for some years. But after that they have not used this ASA. Now i have reset to factory-default as

conf t

clear configure all

wr

By executing above comments it shows completed reseting to factory-default.

After that when type:

#sh ru interface

This shows outputs as follows:

interface GigabitEthernet0/0

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

There was no default ip address 192.168.1.1 in interface Management0/0. So i got IP adddres by using

config factory-default command. out put look as follows:

#config factory-default

Based on the management IP address and mask, the DHCP address packets): hardware (0/0) software (0/0)

pool size is reduced to 253 from the platform limit 256 output queue (curr/max p

WARNING: The boot system configuration will be cleared.

The first image found in disk0:/ will be used to boot the

system on the next reload.

Verify there is a valid image on disk0:/ or the system will

not boot.

Begin to apply factory-default configuration:

Clear all configuration

WARNING: DHCPD bindings cleared on interface 'management', address pool removed

Executing command: interface management0/0

Executing command: nameif management

INFO: Security level for "management" set to 0 by default.

Executing command: ip address 192.168.1.1 255.255.255.0

Executing command: security-level 100

Executing command: no shutdown

Executing command: exit

Executing command: http server enable

Executing command: http 192.168.1.0 255.255.255.0 management

Executing command: dhcpd address 192.168.1.2-192.168.1.254 management

Executing command: dhcpd enable management

Executing command: logging asdm informational

Factory-default configuration is completed

then when i type sh run int command. It looks as follows

#sh ru int

GigabitEthernet0

!

interface GigabitEthernet0/010.10.10.1 255.255.255.

shutdown

no nameif

no security-level

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

So i can ping to 192.168.1.1. but could not get the web page when i type https://192.168.1.1/admin

Please help me.

cadet alain · ‎01-07-2013

Hi,

add this: asdm image disk0:/"asdm file name"

then try again like this https://192.168.1.1

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

Rudy Sanjoko · ‎01-07-2013

to be able to access ASA from web page you will need to configure ASDM, you will need to check if your ASA has ASDM file on the flash or not, it can be checked by using "dir disk0:" command. once you determine there is ASDM file on the flash, you can start configuring it, by using below template:

username pass >

aaa authentication http console LOCAL

http server enable

asdm image disk0:

http >

View solution in original post

cadet alain · ‎01-07-2013

Hi,

add this: asdm image disk0:/"asdm file name"

then try again like this https://192.168.1.1

Regards.

Alain

Don't forget to rate helpful posts.

karsel508123 · ‎01-07-2013

Hi Alain,

Thanks for your help. when i add asdm image disk0:/"asdm file name". i could open web pages.

Regards

Karma

karsel508123 · ‎03-05-2013

Hi Alain,

please help me to solve the problem, Last time when a added asdm image disk0:/"asdm file name" i could access Cisco ASA on web page, but it is not working, please help me,

For your references following are the information;

//To show the current running interface

#sh ru int

GigabitEthernet0

!

interface GigabitEthernet0/0

shutdown

no nameif

no security-level

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

ciscoasa# show flash

--#-- --length-- -----date/time------ path

63 14524416 Nov 26 2008 23:59:02 asa724-k8.bin

64 4181246 Jan 01 2003 00:07:52 securedesktop-asa-3.2.1.103-k9.pkg

65 398305 Jan 01 2003 00:08:14 sslclient-win-1.1.0.154.pkg

6 8192 Sep 22 2008 17:24:26 crypto_archive

66 6514852 Sep 22 2008 17:40:56 asdm-524.bin

68 6889764 Nov 27 2008 00:06:04 asdm-602.bin

2 8192 Nov 27 2008 01:18:04 log

255426560 bytes total (222527488 bytes free)

ciscoasa# dir disk0:

Directory of disk0:/

63 -rwx 14524416 23:59:02 Nov 26 2008 asa724-k8.bin

64 -rwx 4181246 00:07:52 Jan 01 2003 securedesktop-asa-3.2.1.103-k9.pk

g

65 -rwx 398305 00:08:14 Jan 01 2003 sslclient-win-1.1.0.154.pkg

6 drwx 8192 17:24:26 Sep 22 2008 crypto_archive

66 -rwx 6514852 17:40:56 Sep 22 2008 asdm-524.bin

68 -rwx 6889764 00:06:04 Nov 27 2008 asdm-602.bin

2 drwx 8192 01:18:04 Nov 27 2008 log

255426560 bytes total (222527488 bytes free)

i did even

#asdm image disk0:/asdm-524.bin

#asdm image disk0:/asdm-602.bin

please help.

Saurabh Srivastava · ‎03-05-2013

Hi karma,

could you please confirm what image file is configured as of now ? I believe ASDM image disk0:/asdm-602.bin is not supportive with your current IOS 7.2.4..You can test same with ASDM image 5.2.4 or 5.2.5.

Regards,
Saurabh

Regards, Saurabh

karsel508123 · ‎03-06-2013

Hi saurabh,

Actually i am new to Cisco ASA and i don't know how to configure it. Just learning from the manual guide, right now i could find

asdm image disk0:/asdm-524.bin

asdm image disk0:/asdm-602.bin

when the ASDM image is 5.2.4 and 6.0.2 it is not accesible in browser. So if i need to configure image 5.2.4 what all i need to do. Please guide me

your help and support is always appreciated.

Regards

karma

Rudy Sanjoko · ‎03-07-2013

so it was working and not anymore? what have you changed on the config? try to remove the asdm image disk0:/asdm-602.bin command and please post you running config as well.

karsel508123 · ‎03-07-2013

Hi Sanjoko

I have posted following for your references

#show flash

--#-- --length-- -----date/time------ path

63 14524416 Nov 26 2008 23:59:02 asa724-k8.bin

64 4181246 Jan 01 2003 00:07:52 securedesktop-asa-3.2.1.103-k9.pkg

65 398305 Jan 01 2003 00:08:14 sslclient-win-1.1.0.154.pkg

6 8192 Sep 22 2008 17:24:26 crypto_archive

66 6514852 Sep 22 2008 17:40:56 asdm-524.bin

68 6889764 Nov 27 2008 00:06:04 asdm-602.bin

2 8192 Nov 27 2008 01:18:04 log

ciscoasa(config)# sh run

ASA Version 8.0(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface GigabitEthernet0/0

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address!

interface GigabitEthernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

pager lines 24

logging asdm informational

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:b6965df6235c81d8f47987003b4584ae

: end

Thanks in advance. Your help is appreciated,

regards

karma

Rudy Sanjoko · ‎03-07-2013

Based on your show run, it looks like the asa is running version 8.0(2) but I don't see the file on the flash, so please provide the output from show version for verification and I see that there are two lines of asdm image disk0:/asdm-524.bin, try to erase both lines, restart the ASA and reapply the command. Where are you accessing the ASA from? What's the ip address of the host? Can you ping from that host to the ASA? I assume it is connected to management interface. One last thing, you said that it is not working anymore, have you got any error messages?

Rudy Sanjoko · ‎01-07-2013

to be able to access ASA from web page you will need to configure ASDM, you will need to check if your ASA has ASDM file on the flash or not, it can be checked by using "dir disk0:" command. once you determine there is ASDM file on the flash, you can start configuring it, by using below template:

username pass >

aaa authentication http console LOCAL

http server enable

asdm image disk0:

http >

karsel508123 · ‎01-08-2013

hi sanjoko

thanks for your help. web page is accessable by using

asdm image disk0:/"asdm file name"

regards

karma

Cisco ASA is not accessable on web page for Initial configurations