
New ASA 5505 not accessible via https and asdm

Tobi
Level 1

Hi all,

I have a brand new ASA 5505 which won't let me access it with either HTTPS or ASDM. I tried from 2 different computers, with manual IP settings and DHCP from the ASA. I can ping the ASA and connect via terminal but not with HTTPS and ASDM. SSH doesn't work either.

I already tried to reset the settings to factory defaults via console, configured http access manually (http 192.168.x.0 255.255.255.0 inside), configured the ASA with the wizard on the console, I even uploaded a fresh image via TFTP to check if there is something wrong. Still no access. This is not my first 5505 and I have never seen this behaviour.

If anyone has an idea what might cause this (and how to fix it), please let me know.

Thanks in advance

Tobias

2 Accepted Solutions


Give me the TeamViewer access, let me check if you don't mind.


VPN-3DES-AES                   : Disabled

The ASA needs the 3DES-AES license for ASDM to work. Go to http://www.cisco.com/go/license and request the license for your device.


13 Replies

Tobi
Level 1

I also tried this

http://ciscogeek.org/activate-asdm-as-gui-interface-for-cisco-asapix-firewall/

without any change

Try to enable the following command,

ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

And make sure the ASDM image is in the show running configuration output.

 

RC4 has to be considered broken and shouldn't be used any more. Better remove it from the "ssl-encryption" command.

I can connect to different ASAs with different versions of ASDM. When I try to connect to this new ASA I immediately receive the "Unable to launch device manager" standard message. https://192.168.1.1/ or https://192.168.1.1/admin and https://192.168.1.1/admin/public/index.html just display "page cannot be displayed" and the corresponding messages in Firefox and Chrome.

I tried the ssl encryption command, it did not change the behaviour. The ASDM image does not show up in the running config but I double-checked with other ASAs and it does not show up either? I can find config for asdm logging and history but nothing regarding the image.

Hi,

Could you share the configuration (remove any sensitive information if present) and the output of the following commands:

show version

dir flash:

show asp table socket

- Jouni

Hi Jouni,

Here are the results. Running ASA 8.2.5 is just a current test I did with an old ASA image to see if it changes anything; the image the ASA originally had is 9.0.1.

BR

Tobias

 

Config


ASA Version 8.2(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
ftp mode passive
object-group network obj_any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:483100f5006fe478429ef1fb7be2184e
: end

 

Show Version:

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 7.1(1)52

Compiled on Fri 20-May-11 16:00 by builders
System image file is "tftp://192.168.1.50/asa825-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 6 mins 9 secs

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

 0: Int: Internal-Data0/0    : address is 881d.fcc5.61d5, irq 11
 1: Ext: Ethernet0/0         : address is 881d.fcc5.61cd, irq 255
 2: Ext: Ethernet0/1         : address is 881d.fcc5.61ce, irq 255
 3: Ext: Ethernet0/2         : address is 881d.fcc5.61cf, irq 255
 4: Ext: Ethernet0/3         : address is 881d.fcc5.61d0, irq 255
 5: Ext: Ethernet0/4         : address is 881d.fcc5.61d1, irq 255
 6: Ext: Ethernet0/5         : address is 881d.fcc5.61d2, irq 255
 7: Ext: Ethernet0/6         : address is 881d.fcc5.61d3, irq 255
 8: Ext: Ethernet0/7         : address is 881d.fcc5.61d4, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : 10
Failover                       : Disabled
VPN-DES                        : Enabled
VPN-3DES-AES                   : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 10
Dual ISPs                      : Disabled
VLAN Trunk Ports               : 0
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has a Base license.

Serial Number: xxx
Running Activation Key: xxx
Configuration register is 0x1
Configuration last modified by enable_15 at 02:58:21.069 UTC Thu Nov 20 2014

 

dir flash:

Directory of disk0:/

128    -rwx  27260928    11:16:36 Oct 21 2014  asa901-k8.bin
13     drwx  2048        11:16:48 Oct 21 2014  coredumpinfo
129    -rwx  17790720    11:18:04 Oct 21 2014  asdm-711-52.bin
3      drwx  2048        11:19:46 Oct 21 2014  log
12     drwx  2048        11:20:04 Oct 21 2014  crypto_archive
130    -rwx  196         11:20:14 Oct 21 2014  upgrade_startup_errors_201410211120.log
132    -rwx  2048        00:00:00 Jan 01 1980  FSCK0000.REC
133    -rwx  4096        00:00:00 Jan 01 1980  FSCK0001.REC
134    -rwx  4096        00:00:00 Jan 01 1980  FSCK0002.REC
135    -rwx  4096        00:00:00 Jan 01 1980  FSCK0003.REC
136    -rwx  4096        00:00:00 Jan 01 1980  FSCK0004.REC
137    -rwx  6144        00:00:00 Jan 01 1980  FSCK0005.REC
138    -rwx  6144        00:00:00 Jan 01 1980  FSCK0006.REC
139    -rwx  6144        00:00:00 Jan 01 1980  FSCK0007.REC
140    -rwx  26624       00:00:00 Jan 01 1980  FSCK0008.REC
141    -rwx  38912       00:00:00 Jan 01 1980  FSCK0009.REC
142    -rwx  34816       00:00:00 Jan 01 1980  FSCK0010.REC
143    -rwx  43008       00:00:00 Jan 01 1980  FSCK0011.REC
144    -rwx  2048        00:00:00 Jan 01 1980  FSCK0012.REC
145    -rwx  28672       00:00:00 Jan 01 1980  FSCK0013.REC
146    -rwx  2048        00:00:00 Jan 01 1980  FSCK0014.REC
147    -rwx  28672       00:00:00 Jan 01 1980  FSCK0015.REC
148    -rwx  2048        00:00:00 Jan 01 1980  FSCK0016.REC
149    -rwx  200         07:11:52 Nov 19 2014  upgrade_startup_errors_201411190711.log
150    -rwx  200         08:29:32 Nov 19 2014  upgrade_startup_errors_201411190829.log
151    -rwx  200         09:04:14 Nov 19 2014  upgrade_startup_errors_201411190904.log
152    -rwx  200         09:16:10 Nov 19 2014  upgrade_startup_errors_201411190916.log
153    -rwx  200         09:18:52 Nov 19 2014  upgrade_startup_errors_201411190918.log

127004672 bytes total (81295360 bytes free)

 

show asp table socket

 

Protocol  Socket    Local Address               Foreign Address         State
SSL       0003cf3f  192.168.1.1:443             0.0.0.0:*               LISTEN

 

 

Did you include "https://192.168.1.1" in the sitelist in the security-tab of the Java control-panel? Depending on your environment, that could be needed.

I am running Java 7 45 on this client because there was an issue with certificates and ASDM in a later Java version (guess this is fixed now). There is no sitelist in this older version; it was introduced later.

But I should be able to see the webpage with the options to install or run ASDM even if there were any Java issues?

I checked with another client and Java 8 25 with https://192.168.1.1 in the sitelist, still no change.

still not working

What exactly doesn't work? And can your PC connect to other ASAs with ASDM?
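Added example, not part of the original thread and not Cisco code: a small Python check that reads the "Licensed features" block of `show version` and an `ssl encryption` line, then sorts the configured ciphers into RC4 (called broken in the thread), suites that depend on the VPN-3DES-AES license (per the accepted answer), and whatever remains. The function names and the trimmed sample text are constructed for illustration; the license dependency of the AES and 3DES suites is taken from the accepted answer.

```python
import re

# Constructed sample, trimmed from the "show version" output posted in the thread.
SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 8.2(5)

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
VPN-DES                        : Enabled
VPN-3DES-AES                   : Disabled
SSL VPN Peers                  : 2

This platform has a Base license.
"""
# The command suggested in the thread.
SSL_LINE = "ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1"


def parse_licensed_features(show_version):
    """Return {feature: value} for the 'Licensed features' block."""
    features, in_block = {}, False
    for line in show_version.splitlines():
        if line.startswith("Licensed features"):
            in_block = True
            continue
        if not in_block:
            continue
        m = re.match(r"(\S.*?)\s*:\s*(.+?)\s*$", line)
        if m:
            features[m.group(1)] = m.group(2)
        elif features:
            break  # first non-matching line after the entries ends the block
    return features


def audit_management_tls(show_version, ssl_line):
    """Sort configured ciphers into broken, license-blocked and remaining."""
    strong = parse_licensed_features(show_version).get("VPN-3DES-AES") == "Enabled"
    words = ssl_line.split()
    if words[:2] != ["ssl", "encryption"]:
        raise ValueError("expected an 'ssl encryption ...' line")
    ciphers = words[2:]
    broken = [c for c in ciphers if c.startswith("rc4-")]
    blocked = [c for c in ciphers
               if not strong and ("aes" in c or c.startswith("3des"))]
    remaining = [c for c in ciphers if c not in broken + blocked]
    return {"strong_crypto": strong, "broken": broken,
            "license_blocked": blocked, "remaining": remaining}


if __name__ == "__main__":
    print(audit_management_tls(SHOW_VERSION, SSL_LINE))
```

For the outputs posted in this thread the `remaining` list is empty: every configured suite is either RC4 or blocked by the missing license, even though `show asp table socket` shows the listener on port 443.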
