
ASA cannot log on w/ ASDM (SSH is OK)

johanhofmans
Level 1

all,

Since yesterday, I cannot log on with ASDM anymore.

When I run ASDM, I type in my pw, and the screen keeps displaying "contacting the device". No timeout, it just stays this way.

I've updated the Java version, no luck.

I can connect with SSH with no problem.

device = asa5550, 8.2(1) asdm 6.2(1)

pieces of the config:

---

BE01NF21#sh run all ssl

ssl server-version any

ssl client-version any

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

BE01NF21#sh asp table socket     

Protocol  Socket    Local Address               Foreign Address         State

SSL       000028ef  192.168.126.1:443           0.0.0.0:*               LISTEN

TCP       000047df  192.168.126.1:22            0.0.0.0:*               LISTEN

TCP       0123e588  192.168.126.1:22            192.168.126.3:26807     ESTAB

---

(126.1 is the interface I connect to)

output of debug http 255:

---

HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:398)

HTTP: check admin session. Cookie index [-1][0]

HTTP: client certificate required = 0

--- no further output

On another ASA device the debug output is different (asdm does work with this device):

---

HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:417)

HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]

HTTP: session verified =  [0]

HTTP: processing GET URL '/admin/version.prop' from host

etc...

---

Notice that there is no "with cookie-based authentication" here -- is this relevant?

Rebooting the device is not really an option... Does anyone have another idea ??

THANKS !!


7 Replies 7

varrao
Level 10

Do you have any webvpn configured on port 443? Try enabling ASDM access on any other port.

https server enable 8443

and then access from browser:

http://:8443

Thanks,
Varun Rao
Security Team,
Cisco TAC


Unfortunately the result is the same -- "contacting the device" is all I get...

I can access the page from the browser (as I could before), I can start the Java ASDM, enter my credentials, then freeze...

Can you re-install the ASDM launcher on the machine??

Is it possible for you to upgrade to the latest ASDM software like 6.4.7 or 6.4.9? They are available on the Cisco site.

Thanks,
Varun Rao
Security Team,
Cisco TAC


asdm 647 now

:-( still the same. I'm getting the impression that something is wrong internally and a reboot could solve it.

Any other thoughts?

It's very much appreciated - I hate to have to tell my CIO that I have to reboot this device - uptime 3yrs+ now! ...

Do you have any command like:

aaa authentication http console LOCAL

Can you remove it and try again?

Is it the same with the launcher and browser??

Thanks,
Varun Rao
Security Team,
Cisco TAC


YES! I indeed had this "aaa authentication http console LOCAL"

Once I removed it, I could logon again.

But to my knowledge, this command was always there - very strange that this now was causing issues...

THANKS !!!!!

That's great!!!!!!!!

Here's the reason -

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtt45397

Thanks,
Varun Rao
Security Team,
Cisco TAC
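
A small triage script for the two `debug http 255` captures compared in this thread, added here as an example (it is not from the posters or from Cisco). It assumes the log line formats are exactly as quoted in the first post; the function names and verdict strings are hypothetical, and the hint about `aaa authentication http console` rests only on what this thread reports.

```python
import re

# Constructed samples: the two `debug http 255` excerpts quoted in the thread.
FAILING = """\
HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:398)
HTTP: check admin session. Cookie index [-1][0]
HTTP: client certificate required = 0
"""
WORKING = """\
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:417)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: session verified =  [0]
HTTP: processing GET URL '/admin/version.prop' from host
"""

REQ = re.compile(r"HTTP: processing ASDM request \[(?P<url>[^\]]+)\]"
                 r"(?P<cookie> with cookie-based authentication)?")
NO_AAA = re.compile(r"no AAA=\[(\d)\]")
SERVED = re.compile(r"HTTP: processing GET URL '([^']+)'")

def parse_requests(text):
    """Split a debug capture into one record per ASDM request."""
    records = []
    for line in text.splitlines():
        m = REQ.search(line)
        if m:  # a new request starts here
            records.append({"url": m["url"], "cookie_auth": bool(m["cookie"]),
                            "no_aaa": None, "served": False, "last": line})
            continue
        if not records or not line.startswith("HTTP:"):
            continue  # ignore separators and lines before the first request
        rec = records[-1]
        rec["last"] = line  # remember where the trace stopped
        if (a := NO_AAA.search(line)):
            rec["no_aaa"] = a.group(1) == "1"
        if (s := SERVED.search(line)) and s.group(1) == rec["url"]:
            rec["served"] = True
    return records

def triage(text):
    """Return (url, verdict, last_line) for each request in the capture."""
    out = []
    for r in parse_requests(text):
        if r["served"]:
            verdict = "served"
        elif r["cookie_auth"]:
            verdict = "stalled in session check; review 'aaa authentication http console'"
        else:
            verdict = "stalled"
        out.append((r["url"], verdict, r["last"]))
    return out
```
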
