Have you confirmed you have the 3DES-AES license installed?

- Checked and present

Have you verified that the ASDM image is on disk0?

Checked and set.

Have you checked to make sure the RSA key and self-signed certificate is present on the ASA?

Have not verified this - will check, thank you.

RSA key pair generated

Self signed cert info:

crypto ca trustpoint self
enrollment self
fqdn *****************
subject-name ***********
keypair sslvpnkeypair
crl configure
crypto ca trustpool policy
crypto ca certificate chain self

ssl trust-point self outside
ssl trust-point self inside

Same behavior, no launch of the ASDM page.

The plot thickens... I have been trying various forms of management access and I cannot get any access to the device except console.  Telnet, SSH or ASDM.  I owned and managed a 5505, so I'm not "new" to the config.  I have reviewed various setup guides, troubleshooting steps, the logs on the device, and it just will not allow a connection, it is almost as if there is an ACL or something like it on the inside interface or something I'm "missing" that is right in front of my nose. *sigh*

Redacted config:

ASA Version 9.6(1)
!
hostname *******
domain-name ******
enable password ***** encrypted
names

!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.123.254 255.255.255.0
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
name-server 71.242.0.12
name-server 68.237.161.12
domain-name *********
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782-151.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (any,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.123.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint self
enrollment self
fqdn **********
subject-name ********
keypair sslvpnkeypair
crl configure
crypto ca trustpool policy
crypto ca certificate chain self
certificate ************
quit
telnet 192.168.123.0 255.255.255.0 inside
telnet timeout 5
ssh scopy enable
no ssh stricthostkeycheck
ssh 192.168.123.0 255.255.255.0 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0

ntp server 206.246.118.250 source outside prefer
ntp server 129.6.15.29 source outside prefer
ntp server 129.6.15.28 source outside prefer
ntp server 208.184.49.9 source outside prefer
ssl trust-point self outside
ssl trust-point self inside
dynamic-access-policy-record DfltAccessPolicy
username ****** password ******** encrypted privilege ****
username ****** password ****** encrypted privilege ****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
: end

Are you plugging your PC into the inside interface directly with a static IP address in the 192.168.123.0/24 subnet - no switch or other network between them?

PC is directly connected with a static IP, correct.

Have you tried running wireshark on the PC whilst trying to connect?

Start with a telnet attempt as that would be unencrypted. (Of course it's not recommended to have enabled on the ASA in general.)

Make sure your PC is getting an arp entry for the ASA inside address (MAC address from "arp -a" on the PC matches "show interface" output from the console).

Make sure any PC-based firewall is either disabled or set to allow the traffic in question.

Thanks, I'll give wireshark a try. Telnet is not used once it is in production just as a testing measure.

This client has been used for ssh and asdm on my recently deceased 5505 without issues.

Checked arp -a on PC, mac address for ASA matches inside G1/2 interface.

Wireshark shows what I suspected, messages from PC sent to establish session, no response from ASA, a few TCP retransmits and then session closes.

The interface is dropping a considerable amount of packets to which I can imagine some of those drops are my SSH and Telnet requests.

Interface GigabitEthernet1/2 "inside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
MAC address a023.9fd5.6057, MTU 1500
IP address 192.168.123.254, subnet mask 255.255.255.0
7600 packets input, 1526358 bytes, 0 no buffer
Received 2312 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
345 L2 decode drops
434 packets output, 30883 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (980/893)
output queue (blocks free curr/low): hardware (1023/1021)
Traffic Statistics for "inside":
7119 packets input, 1331751 bytes
434 packets output, 15995 bytes
5391 packets dropped
1 minute input rate 1 pkts/sec, 172 bytes/sec
1 minute output rate 0 pkts/sec, 5 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 233 bytes/sec
5 minute output rate 0 pkts/sec, 1 bytes/sec
5 minute drop rate, 0 pkts/sec

Thanks for the update. I was down to my last suggestions on the ASA itself short of a possible hardware problem. That's why I was concentrating on the direct network connection and client-side firewall etc.