cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


653
Views
0
Helpful
4
Replies
Beginner

Packet Tracer from ASDM no longer working

Hi

 

I use to use this feature a lot which was good to test firewall rules and prove to clients the rule was actually working.

 

Yet after upgrading to a newer FW (ASA 5545) a few weeks ago, this feature has stopped working. I have attached a picture of the error message I get no matter what combination of test I try.

 

Any ideas or advice on how to fix it? The ASA version is 9.1(1) and the ASDM version is 7.3(1).

 

Kind regards,

Mark

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Mentor

The syntax that the ASDM

The syntax that the ASDM tries to send to the ASA is wrong (inline tags are from 0 to 64k). So my first advise would be to upgrade the ASDM. And your ASA-version is also very old. Also consider upgrading that to 9.1(6).

VIP Mentor

1) you can run it from the

1) you can run it from the command-line. Just skip the "inline-tag X" as that is typically not needed.

2) Upgrading the ASDM causes no downtime at all. Just upload the ASDM to both units and set the ASDM-image on the active one. Restart ASDM and you are done.

3) Even ASA-update is possible without downtime if you are using failover:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#73860

4 REPLIES 4
VIP Mentor

The syntax that the ASDM

The syntax that the ASDM tries to send to the ASA is wrong (inline tags are from 0 to 64k). So my first advise would be to upgrade the ASDM. And your ASA-version is also very old. Also consider upgrading that to 9.1(6).

Beginner

Thanks for replying. Is there

Thanks for replying. Is there a way I can run the same command from telnet/SSH if that is the problem or will the output not work in the command line?

 

Regarding upgrading the ASDM, it is very difficult to arrange downtime to reboot it. Or if It is in a failover pair which we just did, is there a way to connect to each remotely and upgrade them both without causing disruption making one Primary and the other Active whilst I upgrade them?

VIP Mentor

1) you can run it from the

1) you can run it from the command-line. Just skip the "inline-tag X" as that is typically not needed.

2) Upgrading the ASDM causes no downtime at all. Just upload the ASDM to both units and set the ASDM-image on the active one. Restart ASDM and you are done.

3) Even ASA-update is possible without downtime if you are using failover:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#73860

Highlighted
Beginner

Thanks again, really helpful.

Thanks again, really helpful.