Solved: ASA 5505

POWELLMI01 · ‎04-04-2013

I have an inherited ASA 5505 V09. It will not allow connection to the ASDM web page using the default IPaddress followed by /ADMIN. It does provide DHCP address assignment to connected devices. It does respond to the console connection using a Telnet type access. I have restored the factory default (thinking the firmware needed refreshing) and did a WRITE MEMORY command (successful). Does anyone have any suggestions as to how to correct this dilema? I'm running asa821-k8.bin with 512 MB memory.

Julio Carvajal · ‎04-08-2013

Hello Robert,

This should be working by now,

What are you getting on the Java logs???

What java version are you running?

Not sure if we discussed this before, but from the computer can you ping the ASA inside IP address??

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Yasien Adams · ‎04-04-2013

Hi,

Im assuming you have a console connection via console cable?

But you have no Telnet or ASDM access?

Firstly, can you verify that HTTP server is enabled, and check if an access policy is being applied to it.

Then you can check VTY access and check if it too has an access policy applied to it.

Are you trying to browse to the ASA? or are you using ASDM installed on your local machine?

POWELLMI01 · ‎04-05-2013

I have a console connection using the console cable supplied by Cisco. I do have Telnet access. It appears I have manual control of the appliance as I can issue commands and receive responses.

In the startup configuration the server is listed (default Cisco configuration) so I think the HTTP server is active. Is there a command I can issue to verify HTTP service?

I am trying to use the default ASA 5505 ASDM access using 192.168.1.1/admin but I get connectivity errors on the IE 8.0 browser.

I am new to the ASA commands so if you know of some command I should try, feel free to mention it. I can look it up to get the appropriate parameters and required access level.

Julio Carvajal · ‎04-05-2013

Hello Robert,

Provide:

Show run http

Show run asdm

Show flash

Show run aaa

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

POWELLMI01 · ‎04-05-2013

I had already reset the appliance to factory settings to be sure there were no surprises. Following is a log of the information you requested with some additional displays.

ciscoasa# show run http
http server enable
http 192.168.1.0 255.255.255.0 inside

ciscoasa# show run asdm

no asdm history enable

ciscoasa# show flash
--#-- --length-- -----date/time------ path
182 16275456    Feb 09 2011 10:07:22 asa821-k8.bin
183 49152       Jan 01 1980 00:00:00 FSCK0000.REC
   13 2048        Feb 09 2011 10:09:22 coredumpinfo
   14 43          Apr 03 2013 19:07:14 coredumpinfo/coredump.cfg
184 11348300    Feb 09 2011 10:10:14 asdm-621.bin
    3 2048        Feb 09 2011 10:13:52 log
   12 2048        Feb 09 2011 10:14:00 crypto_archive
186 2048        Jan 01 1980 00:00:00 FSCK0001.REC
187 12105313    Feb 09 2011 10:14:16 csd_3.5.841-k9.pkg
188 2048        Feb 09 2011 10:14:18 sdesktop
223 0           Feb 09 2011 10:14:18 sdesktop/data.xml
189 2857568     Feb 09 2011 10:14:18 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
190 3203909     Feb 09 2011 10:14:20 anyconnect-win-2.4.1012-k9.pkg
191 4832344     Feb 09 2011 10:14:22 anyconnect-macosx-i386-2.4.1012-k9.pkg
192 5209423     Feb 09 2011 10:14:24 anyconnect-linux-2.4.1012-k9.pkg
193 2048        Jan 01 1980 00:00:00 FSCK0002.REC
194 2048        Jan 01 1980 00:00:00 FSCK0003.REC
195 92160       Jan 01 1980 00:00:00 FSCK0004.REC
196 2048        Jan 01 1980 00:00:00 FSCK0005.REC
197 2048        Jan 01 1980 00:00:00 FSCK0006.REC
198 2048        Jan 01 1980 00:00:00 FSCK0007.REC
199 675840      Jan 01 1980 00:00:00 FSCK0008.REC
200 2048        Jan 01 1980 00:00:00 FSCK0009.REC
201 677888      Jan 01 1980 00:00:00 FSCK0010.REC
202 30720       Jan 01 1980 00:00:00 FSCK0011.REC

203 30720       Jan 01 1980 00:00:00 FSCK0012.REC
204 2048        Jan 01 1980 00:00:00 FSCK0013.REC
205 2048        Jan 01 1980 00:00:00 FSCK0014.REC
206 4096        Jan 01 1980 00:00:00 FSCK0015.REC
207 4096        Jan 01 1980 00:00:00 FSCK0016.REC
208 4096        Jan 01 1980 00:00:00 FSCK0017.REC
209 4096        Jan 01 1980 00:00:00 FSCK0018.REC
210 6144        Jan 01 1980 00:00:00 FSCK0019.REC
211 6144        Jan 01 1980 00:00:00 FSCK0020.REC
212 6144        Jan 01 1980 00:00:00 FSCK0021.REC
213 22528       Jan 01 1980 00:00:00 FSCK0022.REC
214 38912       Jan 01 1980 00:00:00 FSCK0023.REC
215 34816       Jan 01 1980 00:00:00 FSCK0024.REC
216 43008       Jan 01 1980 00:00:00 FSCK0025.REC
217 2048        Jan 01 1980 00:00:00 FSCK0026.REC
218 26624       Jan 01 1980 00:00:00 FSCK0027.REC
219 2048        Jan 01 1980 00:00:00 FSCK0028.REC
220 26624       Jan 01 1980 00:00:00 FSCK0029.REC
221 2048        Jan 01 1980 00:00:00 FSCK0030.REC

127135744 bytes total (69373952 bytes free)

ciscoasa# show aaa run aaa

ciscoasa# show aaa-server
Server Group: LOCAL
Server Protocol: Local database
Server Address: None
Server port: None
Server status: ACTIVE, Last transaction at unknown
Number of pending requests0
Average round trip time0ms
Number of authentication requests0
Number of authorization requests0
Number of accounting requests0
Number of retransmissions0
Number of accepts0
Number of rejects0
Number of challenges0
Number of malformed responses0
Number of bad authenticators0
Number of timeouts0
Number of unrecognized responses0

ciscoasa# show startup-config
: Saved
: Written by enable_15 at 19:07:13.999 UTC Wed Apr 3 2013
!
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable

http 192.168.1.0 255.255.255.0 inside
no snmp-server location

no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept

webvpn
!

!

prompt hostname context
Cryptochecksum:df13f02418c45ffcfe085bf14bc0348d

ciscoasa# exit

Logoff

Julio Carvajal · ‎04-05-2013

Hello Robert,

You are missing this command:

asdm image flash:asdm-621.bin

Regards,

Let me know the results

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

POWELLMI01 · ‎04-05-2013

I entered priveleged configure mode and issued the command as you specified. It did not appear to change anything. It did seem to accept the command. Did I enter it properly? I am new to this so you may have to be very exact as to where you want the command placed. Here are some of the results:

ciscoasa# show flash
--#-- --length-- -----date/time------ path
182 16275456    Feb 09 2011 10:07:22 asa821-k8.bin
183 49152       Jan 01 1980 00:00:00 FSCK0000.REC
   13 2048        Feb 09 2011 10:09:22 coredumpinfo
   14 43          Apr 05 2013 18:25:41 coredumpinfo/coredump.cfg
184 11348300    Feb 09 2011 10:10:14 asdm-621.bin
    3 2048        Feb 09 2011 10:13:52 log
   12 2048        Feb 09 2011 10:14:00 crypto_archive
186 2048        Jan 01 1980 00:00:00 FSCK0001.REC
187 12105313    Feb 09 2011 10:14:16 csd_3.5.841-k9.pkg
188 2048        Feb 09 2011 10:14:18 sdesktop
223 0           Feb 09 2011 10:14:18 sdesktop/data.xml
189 2857568     Feb 09 2011 10:14:18 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
190 3203909     Feb 09 2011 10:14:20 anyconnect-win-2.4.1012-k9.pkg
191 4832344     Feb 09 2011 10:14:22 anyconnect-macosx-i386-2.4.1012-k9.pkg
192 5209423     Feb 09 2011 10:14:24 anyconnect-linux-2.4.1012-k9.pkg
193 2048        Jan 01 1980 00:00:00 FSCK0002.REC
194 2048        Jan 01 1980 00:00:00 FSCK0003.REC
195 92160       Jan 01 1980 00:00:00 FSCK0004.REC
196 2048        Jan 01 1980 00:00:00 FSCK0005.REC
197 2048        Jan 01 1980 00:00:00 FSCK0006.REC
198 2048        Jan 01 1980 00:00:00 FSCK0007.REC
199 675840      Jan 01 1980 00:00:00 FSCK0008.REC
200 2048        Jan 01 1980 00:00:00 FSCK0009.REC
201 677888      Jan 01 1980 00:00:00 FSCK0010.REC
202 30720       Jan 01 1980 00:00:00 FSCK0011.REC
203 30720       Jan 01 1980 00:00:00 FSCK0012.REC
204 2048        Jan 01 1980 00:00:00 FSCK0013.REC
205 2048        Jan 01 1980 00:00:00 FSCK0014.REC
206 4096        Jan 01 1980 00:00:00 FSCK0015.REC
207 4096        Jan 01 1980 00:00:00 FSCK0016.REC
208 4096        Jan 01 1980 00:00:00 FSCK0017.REC
209 4096        Jan 01 1980 00:00:00 FSCK0018.REC
210 6144        Jan 01 1980 00:00:00 FSCK0019.REC
211 6144        Jan 01 1980 00:00:00 FSCK0020.REC
212 6144        Jan 01 1980 00:00:00 FSCK0021.REC
213 22528       Jan 01 1980 00:00:00 FSCK0022.REC
214 38912       Jan 01 1980 00:00:00 FSCK0023.REC
215 34816       Jan 01 1980 00:00:00 FSCK0024.REC
216 43008       Jan 01 1980 00:00:00 FSCK0025.REC
217 2048        Jan 01 1980 00:00:00 FSCK0026.REC
218 26624       Jan 01 1980 00:00:00 FSCK0027.REC
219 2048        Jan 01 1980 00:00:00 FSCK0028.REC
220 26624       Jan 01 1980 00:00:00 FSCK0029.REC
221 2048        Jan 01 1980 00:00:00 FSCK0030.REC

127135744 bytes total (69373952 bytes free)

ciscoasa# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:8ea61ab256c327cfb8554acbd16f03e4
: end

ciscoasa# show configuration
: Saved
: Written by enable_15 at 18:20:14.379 UTC Fri Apr 5 2013
!
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:8ea61ab256c327cfb8554acbd16f03e4

ciscoasa#

Julio Carvajal · ‎04-05-2013

Hello Robert,

It looks good to me now, you were missing that command ( U have it now)

are you entering

https://192.168.1.1 On a computer on the inside interface??

Can you enable the following

debug http 255

and then try to connect

Share the debugs

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

POWELLMI01 · ‎04-06-2013

I connected to port 2 with the computer and entered http://192.168.1.1. Then I entered http://192.168.1.1/admin. In both cases the Internet Explorer cannot display the webpage was received. I have attached the short debug information.

debug http 255
debug http enabled at level 255.

ciscoasa# HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
admin HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
HTTP: Periodic admin session check (idle-timeout = 1200, session-timeout = 0)
exit

Logoff

Marvin Rhoads · ‎04-06-2013

Your configuration allows http on the Inside (VLAN 1) interfaces but you only have a single switch port assigned to any VLAN - e0/0 assigned to Outside (VLAN 2).

Assign a port to the Inside VLAN 1 and try your ASDM login from a PC connected there.

Here is the relevant configuration guide section:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html#wp1088804

Julio Carvajal · ‎04-06-2013

Hello Marvin,

By default all ports belong to vlan 1, it is implicited that they are assigned to vlan 1 even if that does not appear on the config.

Robert,

from that computer can you ping 192.168.1.1?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

POWELLMI01 · ‎04-07-2013

Sorry I didn't reply sooner. I inadvertently lost the configuration but I think I'm OK now. I'm using asa821-k8.bin and asdm-621.bin on the appliance. I added the command asdm image flash:asdm-621.bin to the restored factory configuration. I am using port 2 for the host connection (VLAN1). I ping 192.168.1.1 from the host connected to port 2 and receive the standard successful reply.

Is the http 192.168.1.0 255.255.255.0 inside statement correct in the factory configuration?

enable 15
Password:

ciscoasa# configure terminal

ciscoasa(config)# show flash
--#-- --length-- -----date/time------ path
   58 16275456    Feb 09 2011 10:07:22 asa821-k8.bin
   59 49152       Jan 01 1980 00:00:00 FSCK0000.REC
   13 2048        Feb 09 2011 10:09:22 coredumpinfo
   14 43          Apr 07 2013 07:53:11 coredumpinfo/coredump.cfg
   60 11348300    Feb 09 2011 10:10:14 asdm-621.bin
    3 2048        Feb 09 2011 10:13:52 log
   12 2048        Feb 09 2011 10:14:00 crypto_archive
   62 2048        Jan 01 1980 00:00:00 FSCK0001.REC
   63 12105313    Feb 09 2011 10:14:16 csd_3.5.841-k9.pkg
   64 2048        Feb 09 2011 10:14:18 sdesktop
103 0           Feb 09 2011 10:14:18 sdesktop/data.xml
   65 2857568     Feb 09 2011 10:14:18 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
   66 3203909     Feb 09 2011 10:14:20 anyconnect-win-2.4.1012-k9.pkg
   67 4832344     Feb 09 2011 10:14:22 anyconnect-macosx-i386-2.4.1012-k9.pkg
   68 5209423     Feb 09 2011 10:14:24 anyconnect-linux-2.4.1012-k9.pkg
   69 2048        Jan 01 1980 00:00:00 FSCK0002.REC
   70 2048        Jan 01 1980 00:00:00 FSCK0003.REC
   71 92160       Jan 01 1980 00:00:00 FSCK0004.REC
   72 2048        Jan 01 1980 00:00:00 FSCK0005.REC
   73 2048        Jan 01 1980 00:00:00 FSCK0006.REC
   74 2048        Jan 01 1980 00:00:00 FSCK0007.REC
   75 675840      Jan 01 1980 00:00:00 FSCK0008.REC
   76 2048        Jan 01 1980 00:00:00 FSCK0009.REC
   77 677888      Jan 01 1980 00:00:00 FSCK0010.REC

   78 30720       Jan 01 1980 00:00:00 FSCK0011.REC
   79 30720       Jan 01 1980 00:00:00 FSCK0012.REC
   80 2048        Jan 01 1980 00:00:00 FSCK0013.REC
   81 2048        Jan 01 1980 00:00:00 FSCK0014.REC
   82 4096        Jan 01 1980 00:00:00 FSCK0015.REC
   83 4096        Jan 01 1980 00:00:00 FSCK0016.REC
   84 4096        Jan 01 1980 00:00:00 FSCK0017.REC
   85 4096        Jan 01 1980 00:00:00 FSCK0018.REC
   86 6144        Jan 01 1980 00:00:00 FSCK0019.REC
   87 6144        Jan 01 1980 00:00:00 FSCK0020.REC
   88 6144        Jan 01 1980 00:00:00 FSCK0021.REC
   89 22528       Jan 01 1980 00:00:00 FSCK0022.REC
   90 38912       Jan 01 1980 00:00:00 FSCK0023.REC
   91 34816       Jan 01 1980 00:00:00 FSCK0024.REC
   92 43008       Jan 01 1980 00:00:00 FSCK0025.REC
   93 2048        Jan 01 1980 00:00:00 FSCK0026.REC
   94 26624       Jan 01 1980 00:00:00 FSCK0027.REC
   95 2048        Jan 01 1980 00:00:00 FSCK0028.REC
   96 26624       Jan 01 1980 00:00:00 FSCK0029.REC
   97 2048        Jan 01 1980 00:00:00 FSCK0030.REC

127135744 bytes total (69373952 bytes free)

ciscoasa(config)# show running-config
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:cbc2da1e87c4a39814d7e2825121d3e0
: end

ciscoasa(config)# show startup-config
: Saved
: Written by enable_15 at 07:53:10.829 UTC Sun Apr 7 2013
!
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:cbc2da1e87c4a39814d7e2825121d3e0

ciscoasa(config)#

Julio Carvajal · ‎04-07-2013

share show ssl,

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

POWELLMI01 · ‎04-07-2013

ciscoasa(config)# show ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Disabled ciphers: des-sha1 rc4-md5 null-sha1
No SSL trust-points configured
Certificate authentication is not enabled

ciscoasa(config)#

Julio Carvajal · ‎04-08-2013

Hello Robert,

This should be working by now,

What are you getting on the Java logs???

What java version are you running?

Not sure if we discussed this before, but from the computer can you ping the ASA inside IP address??

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC