05-23-2012 01:57 AM - edited 03-11-2019 04:10 PM
all,
Since yesterday, I cannot log on with ASDM anymore.
When I run ASDM, I type in my pw, and the screen keeps displaying "contacting the device". No timeout, just stays this way.
I've updated the java version, no luck.
I can connect with SSH with no problem.
device = asa5550, 8.2(1) asdm 6.2(1)
pieces of the config:
---
BE01NF21#sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
BE01NF21#sh asp table socket
Protocol Socket Local Address Foreign Address State
SSL 000028ef 192.168.126.1:443 0.0.0.0:* LISTEN
TCP 000047df 192.168.126.1:22 0.0.0.0:* LISTEN
TCP 0123e588 192.168.126.1:22 192.168.126.3:26807 ESTAB
---
(126.1 is the interface I connect to)
output of debug http 255:
---
HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:398)
HTTP: check admin session. Cookie index [-1][0]
HTTP: client certificate required = 0
--- no further output
On another ASA device the debug output is different (asdm does work with this device):
---
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:417)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: session verified = [0]
HTTP: processing GET URL '/admin/version.prop' from host
etc...
---
notice that there is no "with cookie-based authentication" here -- is this relevant?
Rebooting the device is not really an option... Does anyone have another idea ??
THANKS !!
05-23-2012 02:18 AM
Do you have any webvpn configured on port 443? Try enabling ASDM access on any other port.
https server enable 8443
and then access from browser:
http://
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-23-2012 02:27 AM
unfortunately the result is the same -- "contacting the device" is all I get...
I can access the page from the browser (as I could before), I can start the java ASDM, enter my credentials, then freeze...
05-23-2012 02:43 AM
Can you reinstall the ASDM launcher on the machine??
Is it possible for you to upgrade to latest ASDM software like 6.4.7 or 6.4.9, they are available on cisco site.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-23-2012 03:09 AM
asdm 647 now
:-( still the same. I'm getting the impression that something is wrong internally and a reboot could solve it.
Any other thoughts?
it's very much appreciated - i hate to have to tell my cio that i have to reboot this device - uptime 3yrs+ now! ...
05-23-2012 03:24 AM
Do you have any command like:
aaa authentication http console LOCAL
can you remove it and try again.
is it same with the launcher and browser??
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-23-2012 03:30 AM
YES! I indeed had this "aaa authentication http console LOCAL"
Once I removed it, I could logon again.
But to my knowledge, this command was always there - very strange that this now was causing issues...
THANKS !!!!!
05-23-2012 03:59 AM
That's great!!!!!!!!
Here's the reason -
Thanks,
Varun Rao
Security Team,
Cisco TAC