ASA 5510 ASDM Issue

gouwsandre7 · ‎03-14-2013

Hello Everyone

We have ASA 5510 that was working pefectly. We had a pwer outage recently and the ASA is still working accept I am unable to launch the ASDM.

I simply get a error failure to launch ASDM from.

Here is the config

show version

Cisco Adaptive Security Appliance Software Version 8.0(2) <system>

Device Manager Version 6.1(1)

Compiled on Fri 15-Jun-07 19:29 by builders

System image file is "disk0:/asa802-k8.bin"

Config file at boot was "startup-config"

cpix up 16 days 1 hour

failover cluster up 16 days 1 hour

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CN1000-MC-BOOT-2.00

SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0 : address is 0024.9750.4630, irq 9

1: Ext: Ethernet0/1 : address is 0024.9750.4631, irq 9

2: Ext: Ethernet0/2 : address is 0024.9750.4632, irq 9

3: Ext: Ethernet0/3 : address is 0024.9750.4633, irq 9

4: Ext: Management0/0 : address is 0024.9750.462f, irq 11

5: Int: Not used : irq 11

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : 250

WebVPN Peers : 2

Advanced Endpoint Assessment : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1317L0Y3

Running Activation Key: 0x8b39ed52 0x6cbf11a2 0x8c30dd7c 0x96945018 0xc20a3d98

Configuration register is 0x1

Configuration has not been modified since last system restart.

show flash

--#-- --length-- -----date/time------ path

64 11793 Feb 23 2013 21:00:38 adsl.cfg

6 8192 Apr 23 2009 23:36:24 crypto_archive

65 6059 Feb 01 2013 12:01:14 diginet.cfg

67 14524416 May 27 2009 06:19:58 asa802-k8.bin

68 7295568 May 26 2009 01:51:20 asdm-611.bin

2 8192 May 27 2009 06:22:52 log

69 2214 May 27 2009 07:04:46 old_running.cfg

70 6539 Oct 23 2012 12:23:18 admin.cfg

show asdm image

Device Manager image file, disk0:/asdm-611.bin

Any help will be appreciated. Please bare with me, I merely inherited this network I am administering, so I am still getting to grips with everything.

Thanks

Andre

julomban · ‎03-14-2013

Hello Andre,

Could you please verify the jave version that you are running on your PC? if you are running version 7 you might want to downgraded to 6.

Also, you can run the "clear config ssl" command on the ASA, this will revert to default values. This is for SSL encryption which ASDM needed.

I hope this help.

Regards,

Juan Lombana

Please rate helpful posts.

gouwsandre7 · ‎03-14-2013

Hi Juan

I am using Java 6, I am aware about the asdm not working with java 7. It is almost like the asa is no longer listening on port 443. I tried clearing the ssl config as suggested, no luck. The command was not accepted.

cpix(config)# clear config ssl

^

ERROR: % Invalid input detected at '^' marker.

Do you have any other suggestions?

Thanks and really appreciate the help.

Andre

julomban · ‎03-14-2013

Andre,

Strange that is not accepting the command, i just tried here and it worked:

ciscoasa(config)# clear config ssl

ciscoasa(config)#

Are you sure your username has full privileges to add commands?

Also, could you please share the "show run http" output from your ASA?

Regards,

Juan Lombana

Please rate helpful posts.

gouwsandre7 · ‎03-14-2013

Hi Juan

Very strange indeed. I have seen it with a few other commands as well, including http server enable.

show run http has the same result.

cpix(config)# show run http

^

ERROR: % Invalid input detected at '^' marker.

I am using the same login details as before when there was no problems. The login I am using is the original login used to setup the ASA so it has full priveleges to add commands yes.

julomban · ‎03-14-2013

Andre,

It seems like you don’t have enough rights to execute commands. How are you connecting to the ASA? Via SSH, telnet or console?

Regards,

Juan Lombana

gouwsandre7 · ‎03-14-2013

Hi Juan

I am connecting directly via console.

Thanks

Andre

julomban · ‎03-14-2013

Andre,

Ok, so when you login via console is also asking you for username and password?

If that’s the case you are using a ACS server for authentication such as TACACS or Radius.

Regards,

Juan Lombana

gouwsandre7 · ‎03-14-2013

Hi Juan

It simply asks me for a enable password.

No username or ACS server.

Thanks

Andre

julomban · ‎03-14-2013

Hi Andre,

That's odd, if you are only typing the enable password you shouldn’t have any privileges restrictions. Are you having problems with all the commands or with some particular commands?

Regards,

Juan Lombana

jocamare · ‎03-14-2013

Move to the context you want to access using ASDM.

Use the "changeto context " command to do so.

Then try to get the information Juan requested.

gouwsandre7 · ‎03-14-2013

Hi Juan

I was able to get the info required using jocamare's suggestion. Thanks jocamare.

Here is the info you were looking for Juan

We have 3 contexts.

cpix/admin# show run http

http server enable

http 172.16.3.0 255.255.255.0 dmz

http 192.168.1.0 255.255.255.0 dmz

http 172.16.1.100 255.255.255.255 dmz

cpix/adsl# show run http

http server enable

http 172.16.3.11 255.255.255.255 inside

Any ideas?

Thanks again for the help, really appreciating it.

Andre

gouwsandre7 · ‎03-15-2013

Hi Juan

I have solved the problem. I installed new managed switches and added 2 new ranges to the network, I just had to change a few routes on the admin context. Thanks again for your help, you definately pointed me in the right direction.

Thanks

Andre