cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1341
Views
0
Helpful
4
Replies

Packet Tracer from ASDM no longer working

Mark Cavendish
Level 1
Level 1

Hi

 

I use to use this feature a lot which was good to test firewall rules and prove to clients the rule was actually working.

 

Yet after upgrading to a newer FW (ASA 5545) a few weeks ago, this feature has stopped working. I have attached a picture of the error message I get no matter what combination of test I try.

 

Any ideas or advice on how to fix it? The ASA version is 9.1(1) and the ASDM version is 7.3(1).

 

Kind regards,

Mark

2 Accepted Solutions

Accepted Solutions

The syntax that the ASDM tries to send to the ASA is wrong (inline tags are from 0 to 64k). So my first advise would be to upgrade the ASDM. And your ASA-version is also very old. Also consider upgrading that to 9.1(6).

View solution in original post

1) you can run it from the command-line. Just skip the "inline-tag X" as that is typically not needed.

2) Upgrading the ASDM causes no downtime at all. Just upload the ASDM to both units and set the ASDM-image on the active one. Restart ASDM and you are done.

3) Even ASA-update is possible without downtime if you are using failover:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#73860

View solution in original post

4 Replies 4

The syntax that the ASDM tries to send to the ASA is wrong (inline tags are from 0 to 64k). So my first advise would be to upgrade the ASDM. And your ASA-version is also very old. Also consider upgrading that to 9.1(6).

Thanks for replying. Is there a way I can run the same command from telnet/SSH if that is the problem or will the output not work in the command line?

 

Regarding upgrading the ASDM, it is very difficult to arrange downtime to reboot it. Or if It is in a failover pair which we just did, is there a way to connect to each remotely and upgrade them both without causing disruption making one Primary and the other Active whilst I upgrade them?

1) you can run it from the command-line. Just skip the "inline-tag X" as that is typically not needed.

2) Upgrading the ASDM causes no downtime at all. Just upload the ASDM to both units and set the ASDM-image on the active one. Restart ASDM and you are done.

3) Even ASA-update is possible without downtime if you are using failover:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#73860

Thanks again, really helpful.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: