Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
6
Replies

Unable to use ASDM on 5510 and 5520 ASA

Tracey Foster
Level 1
Level 1

‎06-17-2013 09:53 AM - edited ‎03-11-2019 06:59 PM

Hello,

I have been working with ASA's for about 8 months now.  I have a 5520 that is brand new out of the box and a 5510 that I blew up last week (read as format disk, start from scratch).

I have generated RSA keys, loaded license keys, loaded IOS's and configs in the last few days.  Luckily these boxes are table top at the moment and nothingto do with production.  However, I have tried to load production configurations on to these boxes, and have determined that not all the lines of the configs will load.

To be specific at the moment, I am unable to load "asdm location 192.168.50.0 255.255.255.0 inside" on either box.  I am also unable to use my broswer and HTTPS://192.168.50.1              to access the ASA, even though I have HTTP serve enabled and HTTP 192.168.50.0 listed in the config.

Because I blew up one of the boxes and started from scratch and the other box is brand new, is/are there any other special things that need to be done to these boxes?  Like I could put in some of the "crypto" config lines in the boxes until I did the license keys, once they were lin, I could configure the crypto lines.

I am open to any suggestions as this point as I can't current get the VPN's to come up (different issue here) nor see what's going on with the VPN's without ASDM.

Thank you!

Tracey

Labels:
0 Helpful
6 Replies 6

malshbou
Level 1
Level 1

‎06-17-2013 10:17 AM

Hi,

please configure the ASDM-permitted subnets as following:

http

and make sure that you have overlapping ciphers between the client and the ASA:

show run ssl

ssl encryption

if it persists, get the SSL captures at the ASA as .pcap

hope this helps

------------------
Mashal Alshboul

------------------ Mashal Shboul
0 Helpful

Tracey Foster
Level 1
Level 1
In response to malshbou

‎06-17-2013 11:10 AM

Http lines are in the config.

I have confirmed that the asdm.bin is on disk0.

Will confirm that there is the ssl line.  More to come later.

0 Helpful

Tracey Foster
Level 1
Level 1
In response to Tracey Foster

‎06-17-2013 12:02 PM

Do you mean SSL or SSH????

I do a search in my config and don't see SSL.  I have compared to my production unit and also do not see SSL in the config.

I do have ssh IP lines in my config.

ssh 192.168.50.0 255.255.255.0 inside.

Any other suggestions?

0 Helpful

Andrew Phirsov
Level 7
Level 7
In response to Tracey Foster

‎06-17-2013 12:14 PM

For you asdm access to work, you should enable strong encryption protocols for ssl, wich is disables by default. So, as Mashal said, you'd have to add this from global config mode:

ssl-encryption aes/3des

0 Helpful

Tracey Foster
Level 1
Level 1
In response to Andrew Phirsov

‎06-17-2013 01:04 PM

I have added the line ssl encryption aes256......

Should I be able to see this line in the config now?

Attempted to open asdm from my desktop application, I put in the correct ip address and username and password and get this error message: unable to launch device manager from ip.

I have had this error the entire time.

0 Helpful

malshbou
Level 1
Level 1
In response to Tracey Foster

‎06-17-2013 01:34 PM

do you use webvpn on the same ASA interface which you connect to for ASDM access ?

do you fail when accessing from browser ?

do you have an SSL certificate ready on the ASA ?

please share your config, client OS and Java version.

hope this helps

------------------
Mashal Alshboul

------------------ Mashal Shboul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card