Solved: Re: ASA 5555x Monitoring Connection Disconnected

AD_NetSec · ‎04-25-2022

Hi guys,

I wonder if anyone has run into the problem recently with ASA Monitoring showing as disconnected? At first ASDM had an issue with refusing RADIUS authentication, but changing the default HTTP port fixed that. We continued to have problems with displaying monitoring data such as CPU/RAM/Interfaces. Syslog works normally, so is making any config changes and saving them. We are running on ASA 9.14.4 and ASDM 7.17(1).152. TAC has recommended a reload, but we are trying to avoid it if possible due to production implications. Any advice will be greatly appreciated.

AD_NetSec · ‎04-28-2022

Solution: downgrade to ASDM 7.17.1

http server enable 8443

Cisco TAC replicated the problem with ASDM 7.17(1).152. and ASA 9.14.4. Changing the http port is still required otherwise login will not work.

View solution in original post

AD_NetSec · ‎04-28-2022

Solution: downgrade to ASDM 7.17.1

http server enable 8443

Cisco TAC replicated the problem with ASDM 7.17(1).152. and ASA 9.14.4. Changing the http port is still required otherwise login will not work.

dotran · ‎05-02-2022

After upgrading ASA from 9.14(2).15 to 9.14.4 and ASDM from 7.16(1).150 to 7.17(1).152, I can no longer login via ASDM. Keeps prompting for a credentials. Changing the http server to port 8443 works as a workaround. Definitely a bug.

dotran · ‎05-05-2022

Just wanted to provide an update. The RCA why we were not able to login via ASDM via port 443 is because we had Anyconnect enable on the inside interface which caused a port conflict. HOWEVER, we have been running this configuration for the past several years for testing and had not experience an issue until the last upgrade so something changed. Perhaps the latest changes to address the latest webvpn DoS vulternability played a factor?

NOTE: We downgraded asdm to 7.17(1) per TAC suggestion since we saw errors in obtaining environmental metrics and monitoring data such as CPU/RAM/Interfaces.