06-17-2013 09:53 AM - edited 03-11-2019 06:59 PM
Hello,
I have been working with ASAs for about 8 months now. I have a 5520 that is brand new out of the box and a 5510 that I blew up last week (read as format disk, start from scratch).
I have generated RSA keys, loaded license keys, loaded IOS's and configs in the last few days. Luckily these boxes are table top at the moment and nothing to do with production. However, I have tried to load production configurations on to these boxes, and have determined that not all the lines of the configs will load.
To be specific at the moment, I am unable to load "asdm location 192.168.50.0 255.255.255.0 inside" on either box. I am also unable to use my browser and HTTPS://192.168.50.1 to access the ASA, even though I have HTTP server enabled and HTTP 192.168.50.0 listed in the config.
Because I blew up one of the boxes and started from scratch and the other box is brand new, is/are there any other special things that need to be done to these boxes? Like I could put in some of the "crypto" config lines in the boxes until I did the license keys, once they were in, I could configure the crypto lines.
I am open to any suggestions at this point as I can't currently get the VPNs to come up (different issue here) nor see what's going on with the VPNs without ASDM.
Thank you!
Tracey
06-17-2013 10:17 AM
Hi,
Please configure the ASDM-permitted subnets as follows:
http
and make sure that you have overlapping ciphers between the client and the ASA:
show run ssl
ssl encryption
if it persists, get the SSL captures at the ASA as .pcap
hope this helps
------------------
Mashal Alshboul
06-17-2013 11:10 AM
Http lines are in the config.
I have confirmed that the asdm.bin is on disk0.
Will confirm that there is the ssl line. More to come later.
06-17-2013 12:02 PM
Do you mean SSL or SSH????
I do a search in my config and don't see SSL. I have compared to my production unit and also do not see SSL in the config.
I do have ssh IP lines in my config.
ssh 192.168.50.0 255.255.255.0 inside.
Any other suggestions?
06-17-2013 12:14 PM
For your ASDM access to work, you should enable strong encryption protocols for SSL, which is disabled by default. So, as Mashal said, you'd have to add this from global config mode:
ssl-encryption aes/3des
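The checks suggested in the replies above (HTTP server enabled, client subnet permitted by an http line, ASDM image, AES/3DES among the SSL ciphers) can be run against a saved running-config. This is an added example, not part of the thread and not Cisco tooling; the sample config, the function name check_asdm_access and the ASA 8.x-style cipher names are assumptions.

```python
import ipaddress
import re

# Constructed running-config excerpt; image name and cipher list are sample values.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.50.1 255.255.255.0
asdm image disk0:/asdm-SAMPLE.bin
http server enable
http 192.168.50.0 255.255.255.0 inside
ssh 192.168.50.0 255.255.255.0 inside
ssl encryption des-sha1
"""

STRONG_PREFIXES = ("aes", "3des")  # cipher families named in the thread
HTTP_PERMIT = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def check_asdm_access(config, client_ip, ifname):
    """Return a list of findings; an empty list means every check passed."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # 1. The HTTPS server that ASDM talks to must be enabled (optional port).
    if not any(re.fullmatch(r"http server enable( \d+)?", l) for l in lines):
        findings.append("http server is not enabled")

    # 2. An 'http <net> <mask> <ifname>' line must cover the client (IPv4 only).
    client = ipaddress.ip_address(client_ip)
    permitted = False
    for l in lines:
        m = HTTP_PERMIT.fullmatch(l)
        if m and m.group(3) == ifname:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permitted = permitted or client in net
    if not permitted:
        findings.append(f"no http line permits {client_ip} on {ifname}")

    # 3. Only checks that the config references an image, not that the file exists.
    if not any(l.startswith("asdm image ") for l in lines):
        findings.append("no asdm image line (confirm the .bin is on disk0)")

    # 4. If ciphers are pinned, at least one must be AES or 3DES. An absent
    #    line means device defaults apply, which this script cannot evaluate.
    ciphers = [c for l in lines if l.startswith("ssl encryption ") for c in l.split()[2:]]
    if ciphers and not any(c.startswith(STRONG_PREFIXES) for c in ciphers):
        findings.append("ssl encryption lists no AES/3DES cipher")
    return findings
```

The `ssh ... inside` line in the sample is deliberately ignored: it permits SSH management only and has no bearing on ASDM.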
06-17-2013 01:04 PM
I have added the line ssl encryption aes256......
Should I be able to see this line in the config now?
Attempted to open asdm from my desktop application, I put in the correct ip address and username and password and get this error message: unable to launch device manager from ip.
I have had this error the entire time.
06-17-2013 01:34 PM
Do you use webvpn on the same ASA interface which you connect to for ASDM access?
Do you fail when accessing from browser?
Do you have an SSL certificate ready on the ASA?
Please share your config, client OS and Java version.
hope this helps
------------------
Mashal Alshboul