03-18-2008 06:44 AM - edited 03-11-2019 05:19 AM
Hi,
I'm new to ASA and have a question about what alternatives there is to manage the ASA "out of the box".
My problem is that after uppgrading ASDM to 6.0(3) I get the following error message:
"Your ASA Image has a version number 7.2(2) which is not supported by ASDM 6.0(2). Please use Device Mgr 5.2(x)"
I've tried downloading and installing ASDM 5.2(3) but when I try to connect it upgrades leaving me stucked with no connection.
The thing I think is making this is: asdm image flash:/asdm-603.bin...
When trying to connect with SSH i recieve a login prompt but can't login with the same password as through ASDM. (are the login options different from ASDM?).
I've never needed to connect through terminal and Console: Does the login options (user and pwd) differ in some way from ASDM?
I have not changed any settings as far as I know for administrative access more then enabling ASDM for VPN https access.
Hope someone can help me regaining access to my ASA.
Solved! Go to Solution.
03-18-2008 08:51 AM
First try fixing asdm, go to firewall command line and see where your asdm upgrade image landed "dir", most likely it landed in disk0, if that is the case do " show run | inc asdm" to see current firewall asdm statement and correct as follows.
example:
AsAfw# dir
Directory of disk0:/
75 -rwx 6851212 05:22:16 Dec 11 2007 asdm-603.bin
76 -rwx 1868412 09:02:20 Apr 19 2007 securedesktop-asa-3.1.1.29-k9.pkg
77 -rwx 398305 09:02:36 Apr 19 2007 sslclient-win-1.1.0.154.pkg
2 drwx 4096 05:27:40 Dec 11 2007 log
79 -rwx 14635008 05:17:54 Dec 11 2007 asa803-k8.bin
80 drwx 4096 11:00:56 Oct 18 2007 sdesktop
6 drwx 4096 05:28:02 Dec 11 2007 crypto_archive
81 -rwx 545757 08:02:48 Jan 04 2008 rdp-plugin.jar
82 -rwx 2206269 08:03:34 Jan 04 2008 sslclient-win-1.1.4.177-anyconnect.pkg
verify that indeed your asdm 5.2.3 the one you downloaded is in disk0 directory, if it is there do the following to verify asdm config statement in firewall.
show run | inc asdm
it will show the firewall current asdm config statement, if it is still loading 603 you must correct it.
example:
remove old statement, add new statement
asa#config t
asa(config)#no asdm image disk0:/asdm-603.bin
asa(config)#asdm image disk0:/new_asdm_image.bin
asa(config)#exit
asa#write mem
I do not believe you need reboot after changing statement, after corrections try loading asdm, if it does no load then reboot asa, but again asdm should load without reload.
as for ssh follow this link.( use aaa authentication local )
Let us know how it works out.
HTH
Rgds
Jorge
Rate any helpful posts if it helps
03-18-2008 08:51 AM
First try fixing asdm, go to firewall command line and see where your asdm upgrade image landed "dir", most likely it landed in disk0, if that is the case do " show run | inc asdm" to see current firewall asdm statement and correct as follows.
example:
AsAfw# dir
Directory of disk0:/
75 -rwx 6851212 05:22:16 Dec 11 2007 asdm-603.bin
76 -rwx 1868412 09:02:20 Apr 19 2007 securedesktop-asa-3.1.1.29-k9.pkg
77 -rwx 398305 09:02:36 Apr 19 2007 sslclient-win-1.1.0.154.pkg
2 drwx 4096 05:27:40 Dec 11 2007 log
79 -rwx 14635008 05:17:54 Dec 11 2007 asa803-k8.bin
80 drwx 4096 11:00:56 Oct 18 2007 sdesktop
6 drwx 4096 05:28:02 Dec 11 2007 crypto_archive
81 -rwx 545757 08:02:48 Jan 04 2008 rdp-plugin.jar
82 -rwx 2206269 08:03:34 Jan 04 2008 sslclient-win-1.1.4.177-anyconnect.pkg
verify that indeed your asdm 5.2.3 the one you downloaded is in disk0 directory, if it is there do the following to verify asdm config statement in firewall.
show run | inc asdm
it will show the firewall current asdm config statement, if it is still loading 603 you must correct it.
example:
remove old statement, add new statement
asa#config t
asa(config)#no asdm image disk0:/asdm-603.bin
asa(config)#asdm image disk0:/new_asdm_image.bin
asa(config)#exit
asa#write mem
I do not believe you need reboot after changing statement, after corrections try loading asdm, if it does no load then reboot asa, but again asdm should load without reload.
as for ssh follow this link.( use aaa authentication local )
Let us know how it works out.
HTH
Rgds
Jorge
Rate any helpful posts if it helps
03-18-2008 09:04 AM
Hi Jorge,
thanks for the post. A couple of questions so I understand Your response correctly:
I need to connect through Console at this point because I haven't done the SSH config, right? There is no "default" username to connect?
Not beeing familiar with the console connection: Is there some username or password other then used in ASDM?
Thanks once again for Your help, I'll give You some feedback when I've tried Your suggestions on site.
03-18-2008 09:14 AM
correct.. is this firewall new out of the box? if so there should not be any username configurations in it..you should be able to connect to console without authentication..
if new asa just try connecting through console see what you get.. press enter several times, and type enable to get to enable mode.. terminal emulation settings are
COM1, 9600 bps, data 8, partity none, stop bits 1, flow hardware..
[edit] some basic guide on asa basic configs.
http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/asa_gsg.html
03-18-2008 09:20 AM
Well, there is a local user that I've made for test VPN connections. There is also a AAA config for VPN connections. However I haven't issued the commands for SSH (as described in the link You supplied)...
Think 'm stuck with console the next time I'll get on site... :-p
I'll get back to You then!
03-18-2008 09:23 AM
No problem, please do so.. I or netpro folks will be here..:-)
03-19-2008 09:11 AM
Yeah!
Worked great, thanks.
Can't understand why SSH is enabled on inside interface in default config but not the local authentication of SSH sessions... Whats the point enabling something You cant use?
However, I've learned to:
aaa authentication ssh console LOCAL
before doing anything else on my ASA:s... ;-)
03-19-2008 10:25 AM
Pete, thanks for the update. Indeed, I do not believe ssh
Thanks fort the rating , I encourange you to participate in cisco forums, you'll be surprise how much you can learn here as well as share your networking experiences.
Bst Rgds
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide