07-03-2012 04:34 AM - edited 03-11-2019 04:25 PM
hi,
when i am trying to access the webpage for asdm then the internet explorer is showing "internet explorer can not display the webpage" from the inside interface. following is the show version and show runing config. i checked with asdm 6.2.1 and 6.4.9.kindly suggest what could be the reason..
CBAH# sh version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.4(9)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
CBAH up 15 hours 1 min
Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is c84c.7599.4810, irq 9
1: Ext: GigabitEthernet0/1 : address is c84c.7599.4811, irq 9
2: Ext: GigabitEthernet0/2 : address is c84c.7599.4812, irq 9
3: Ext: GigabitEthernet0/3 : address is c84c.7599.4813, irq 9
4: Ext: Management0/0 : address is c84c.7599.480f, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 750
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1432L0JM
Running Activation Key: 0x042cd360 0x4c819429 0xf4927584 0x8ea0082c 0x8f3d07bf
Configuration register is 0x1
Configuration last modified by enable_15 at 03:19:58.868 UTC Tue Jul 3 2012
show run
ASA Version 8.2(1)
!
hostname CBAH
domain-name corinthia.local
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.1.216 255.255.255.0
!
interface GigabitEthernet0/1
nameif testing
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
<--- More --->
!
interface GigabitEthernet0/3
nameif outside
security-level 0
ip address 62.240.63.45 255.255.255.248
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 62.240.32.5
name-server 62.68.42.2
name-server 4.2.2.2
name-server 4.2.2.3
domain-name corinthia.local
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list INTERNET extended permit ip 192.168.1.0 255.255.255.0 any
<--- More --->
access-list INTERNET extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
mtu testing 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 access-list INTERNET
nat (inside) 1 192.168.1.0 255.255.255.0
nat (testing) 1 192.168.2.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 62.240.63.42 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
<--- More --->
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
<--- More --->
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e8c7560ce2dc8a100cc77f09a2b80393
: end
CBAH# sh flash:
--#-- --length-- -----date/time------ path
124 16275456 Aug 03 2010 10:09:54 asa821-k8.bin
125 11348300 Aug 03 2010 12:17:30 asdm-621.bin
3 4096 Jan 01 2003 00:03:50 log
10 4096 Jan 01 2003 00:03:58 crypto_archive
11 4096 Jan 01 2003 00:04:30 coredumpinfo
12 43 Jul 03 2012 03:18:45 coredumpinfo/coredump.cfg
127 12105313 Aug 03 2010 12:14:58 csd_3.5.841-k9.pkg
128 4096 Aug 03 2010 12:15:02 sdesktop
135 1462 Aug 03 2010 12:15:02 sdesktop/data.xml
129 2857568 Aug 03 2010 12:15:02 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
130 3203909 Aug 03 2010 12:15:04 anyconnect-win-2.4.1012-k9.pkg
131 4832344 Aug 03 2010 12:15:06 anyconnect-macosx-i386-2.4.1012-k9.pkg
132 5209423 Aug 03 2010 12:15:08 anyconnect-linux-2.4.1012-k9.pkg
133 18927088 Jun 28 2012 08:09:30 asdm-649.bin
Solved! Go to Solution.
07-03-2012 04:53 AM
The luink shoudl be working, I tried that again:
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
To enter the license you need to do;
activation-key <5 tuple license key>
If the link does not work, send an e-mail to licensing@cisco.com and they would send you the license file.
Thanks,
Varun Rao
Security Team,
Cisco TAC
07-03-2012 04:43 AM
You would need a 3DES license for it, kindly download and install the limcense from the link below, and it should work after that:
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
Its for free.
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
07-03-2012 04:46 AM
hi ,
the link is not working . Also tell me the proceedure to enter that license information in cisco asa.
Regards
07-03-2012 04:46 AM
Is the system you are coming from on the 192.168.1.0/24 network? The configuration command "http 192.168.1.0 255.255.255.0 inside" restricts ASDM access to systems there.
Your ASDM image is on the disk0:/ filesystem, yes? Please check "dir disk0: to confirm. ("show flash" is ambiguous in that respect.)
07-03-2012 04:49 AM
hi Marvin,
I checked disk0: .. yes the files are there.
Regards
07-03-2012 04:53 AM
The luink shoudl be working, I tried that again:
https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
To enter the license you need to do;
activation-key <5 tuple license key>
If the link does not work, send an e-mail to licensing@cisco.com and they would send you the license file.
Thanks,
Varun Rao
Security Team,
Cisco TAC
07-03-2012 04:54 AM
if user iscoming from 192.168.1.0 and ASDM is located on disk0:/ then I suspect client configuration issues.
Can you check output of asdm log ("show log asdm" from cli) during unsuccessful login attempt? Have you tried using ASDM applet on a working machine? Capture traffic on Wireshark while trying to login. These are all steps I would take in troubleshooting.
07-03-2012 05:36 AM
hi,
I activated the license but still it was not working..it worked when i added the command "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1" and is working now..thanx
03-16-2013 04:23 PM
Interesting..i tore my hair off all day trying to get asdm to work after loading image again..i erased disk mistakenly..
at the end of the day, the command above also worked for me..gem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide