12-16-2011 03:02 PM - edited 03-11-2019 03:03 PM
We received an ASA5520-K8 through Cisco's Loan program so we could demo it as a replacement for our aging Cisco 3005 VPN appliances. Given that we are a non-Cisco shop (except for specific appliances like concentrators and wireless access points), I don't have a great deal of experience with Cisco gear.
I started to set up the appliance this morning but immediately ran into issues. The 5520 doesn't seem to be acting as a DHCP server, and worse yet, I can't access the unit even if I hard code the IP on the PC being used for configuration. I have to say that I feel kinda stupid having to post this, since I actually followed the documentation available for this menial task and I fully expect the problem to be a simple one. Namely, I am using two specific sources of info for connections:
1. http://www.cisco.com/en/US/docs/security/asa/quick_start/5500/inst5500.html#wpxref77381
2. Cisco ASA 5500 Series Getting Started Guide
I've tried a few things so far:
1. PC and 5520 Management Port on dedicated switch, Internet plugged into Ether0
2. PC connected directly to Management Port
3. PC plugged into Ether3, Internet plugged into Port0
4. Multiple cables and laptops to confirm they are not the issue.
Am I missing something? Please tell me so, point at me, then have a hearty laugh.
(FYI, unit did boot OS, confirmed with console connection)
12-16-2011 03:16 PM
Hello Darrin,
Ok, so when you connected to the management port you did not get an IP address via DHCP from the management port, right?
By default you should get it, then you should be able to access the ASDM (https://192.168.1.1) or the CLI using the console port.
Regards,
Julio
12-16-2011 03:23 PM
No, I don't get an IP address, and attempting a DHCP renewal via ipconfig release/renew brings back an error stating the DHCP server is not available. Hard-coding the IP doesn't seem to help either (no access to the ASDM).
CLI was available via console (I got to the ciscoasa prompt).
12-16-2011 04:00 PM
Hello Darrin,
Is this a brand new unit?
Okay, so if you have access to the CLI prompt I can help you. (As soon as you need to enter a password, please enter cisco or leave it blank.)
Let's configure DHCP and check out if there is an ASDM image on your ASA.
Please follow the following steps:
Enable
config te
interface ethernet 0/1
nameif inside
ip address 192.168.2.1 255.255.255.0
no shut
exit
dhcpd address 192.168.2.2-192.168.2.254 inside
dhcpd enable inside
Then connect the laptop to interface ethernet 0/1 and you should get the ip address.
Then, in order to check if you have an ASDM image, please provide us the output of the following command:
show flash:
Please rate helpful posts,
Regards,
12-16-2011 04:32 PM
Hi Julio:
I solved the problem of getting the IP by using the config factory-default command. Output follows:
ciscoasa(config)# config factory-default
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256
WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.
Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface management0/0
Executing command: nameif management
INFO: Security level for "management" set to 0 by default.
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command: security-level 100
Executing command: no shutdown
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 management
Executing command: dhcpd address 192.168.1.2-192.168.1.254 management
Executing command: dhcpd enable management
Executing command: logging asdm informational
Factory-default configuration is completed
At this point, I can ping the 5520, but am not able to access the ASDM via either https://192.168.1.1 or https://192.168.1.1/admin. Per your request, show flash results:
ciscoasa(config)# show flash
--#-- --length-- -----date/time------ path
21 15390720 Nov 09 2011 16:39:22 asa825-k8.bin
22 11862220 Nov 09 2011 16:31:50 asdm-625.bin
23 4686889 Nov 09 2011 16:40:48 anyconnect-win-2.5.2019-k9.pkg
24 12105313 Nov 09 2011 16:41:24 csd_3.5.841-k9.pkg
2 2048 Nov 09 2011 16:51:20 log
12 2048 Nov 09 2011 16:51:32 crypto_archive
13 2048 Nov 09 2011 16:51:34 coredumpinfo
14 43 Nov 09 2011 16:51:34 coredumpinfo/coredump.cfg
This unit is not a new unit, it was supplied to us by Cisco as a loaner for evaluation.
Thanks,
-Darrin
12-16-2011 05:00 PM
Hello Darrin,
Ok, maybe it came with some configuration on it and that one did not have the DHCP service enabled.
ASDM Issue:
You do have the asdm image on the flash, that is good.
Please add the following commands:
-asdm image flash:/asdm-625.bin
-http server enable
-http 0 0 management
Please try it again (you should be missing the HTTP service).
Please rate helpful posts.
Regards,
Julio
12-16-2011 06:09 PM
Hi Julio:
Thanks for all your help with this, but it doesn't appear solved at this point. I tried your recommended commands and the device is still not serving the page. Doing a bit more digging (and using a different browser), Chrome reports the following error when attempting to access:
Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.
Some online have suggested that the following command might remedy the issue:
fw01(config)# ssl encryption aes256-sha1 aes128-sha1 3des-sha1
but I don't have the VPN-3DES-AES feature installed, and can't grab the license for it as I don't have a CCO login.
Any suggestions on how to proceed?
12-17-2011 12:13 AM
Hello Darrin,
So you have the image on the ASA.
You have applied the command asdm image flash:/asdm-625.bin
You have the command http server enable
You have the command http 0 0 management
That is strange. What version of Java have you installed on your laptop?
Can you provide the following output:
debug http
And then try to connect via ASDM (https://192.168.1.1).
What if you provide an IP address to another interface, let's say interface ethernet 0/1:
interface ethernet 0/1
nameif inside
ip add 192.168.2.1 255.255.255.0
no shut
exit
http 0 0 inside
and then https://192.168.2.1
Regards,
Julio
02-14-2013 03:33 AM
Looks like the default ssl encryption is set to des-sha1. Do a #sh run | i ssl encryption. DES has been broken for ages now. Looks like Chrome won't connect unless you use good encryption. I did the following to resolve it.
I was connecting my laptop's ethernet port to the management port on the ASA.
My IP address settings were set to obtain. The ASA gave me an IP address.
I connected to the ASA with the console cable
#conf t
#ssl encryption aes128-sha1 (you can use higher if you want)
#wr mem
Now open chrome and go to https://192.168.1.1/admin
Hope that helps
12-17-2011 08:57 PM
Darrin, here is a simple configuration to allow you access to the ASDM:
First, configure your internal interface. For instance, gi0/1...
ASA5520>en
ASA5520#conf t
ASA5520(config)#int gi0/1
ASA5520(config-if)#no shut
ASA5520(config-if)#ip add 192.168.0.1 255.255.255.0
ASA5520(config-if)#security-level 100
ASA5520(config-if)#exit
ASA5520(config)#http server enable
ASA5520(config)#http 192.168.0.10 inside <---this will be the address of your PC
This will allow you to open your browser and access the firewall to download the ASDM to your PC. Once the ASDM is downloaded, you can run the ASDM program to get access to the firewall gui.
Please let me know if I can be any more help.
12-22-2011 12:12 PM
Julio and Adam:
Sorry for the delay in response, I am just returning to work after being out with the flu.
Julio: FYI I am running Java 6, Update 30.
Adam: All your commands worked except the last one, I suspect that will render the solution unviable. Please see text below:
ciscoasa# conf t
ciscoasa(config)# int gi0/1
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ip add 192.168.0.1 255.255.255.0
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# exit
ciscoasa(config)# http server enable
ciscoasa(config)# http 192.168.0.10
ERROR: % Incomplete command
ciscoasa(config)# http 192.168.0.10 inside
^
ERROR: % Invalid input detected at '^' marker.
Note that I did make the adjustment to the IP of the laptop (to 192.168.0.10) as listed above, switched the cabling from the management port to gi0/1, and am now getting a site unavailable message, likely because that last statement didn't take.
Thanks again for the suggestions.
12-22-2011 12:19 PM
Hello Darrin,
Please add the command and give it a try.
http 192.168.0.0 255.255.255.0 inside
Please do rate helpful posts.
Julio
12-22-2011 12:39 PM
Both the 'http 192.168.0.10 inside' and 'http 192.168.0.0 255.255.255.0 inside' commands yield the same invalid input error. Should these be done at the config level or the interface level? Neither seems to work.
Is it possible that something is mucked up in the existing config on the unit? I've tried applying these settings on a fresh boot up and after a factory-default, neither seems to help.
12-22-2011 12:45 PM
Hello Darrin.
I saw the issue in the previously shared configuration you provided.
Here is what you sent us:
ciscoasa# conf t
ciscoasa(config)# int gi0/1
ciscoasa(config-if)# no shut
ciscoasa(config-if)# ip add 192.168.0.1 255.255.255.0
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# exit
ciscoasa(config)# http server enable
Where is the nameif for the interface?
In order to get an interface up and running on an ASA you need:
1-IP address
2-No shut
3-Nameif
4-Security level
So please add the following commands:
ciscoasa(config)# int gi0/1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# exit
ciscoasa(config)# http 192.168.0.0 255.255.255.0 inside
that should do it.
Regards,
Julio
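A config audit added here as an example, not code from this thread or from Cisco: it reads ASA running-config text (a constructed sample inline) and flags what this thread turned on, an http line naming an interface that has no nameif, the other missing interface settings Julio lists, the weak des-sha1 ssl default from the 2013 post, and an http 0 0 line that opens ASDM to every host on that interface.

```python
import re
# Constructed sample running-config (not from the thread's device): gi0/1 lacks its
# nameif (the thread's real bug) and ssl encryption sits at the weak des-sha1 default.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/1
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
http 192.168.1.0 255.255.255.0 management
ssl encryption des-sha1
"""
REQUIRED = ("nameif", "ip address", "security-level")  # the fourth item is 'no shutdown'
WEAK_CIPHERS = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}

def parse_interfaces(config):
    """Map each 'interface X' block to {setting: value} from its indented lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = {}
        elif current and line.startswith(" "):
            words = line.split()
            key = " ".join(words[:2]) if words[0] == "ip" else words[0]
            interfaces[current][key] = " ".join(words[len(key.split()):])
        else:
            current = None  # '!' or a global command ends the block
    return interfaces

def audit(config):
    """Findings that keep ASDM unreachable (the thread's bugs) or leave it weak."""
    findings, ifaces = [], parse_interfaces(config)
    for name, cfg in ifaces.items():
        missing = [r for r in REQUIRED if r not in cfg] + ["no shutdown"] * ("shutdown" in cfg)
        if missing:
            findings.append(f"{name}: missing {', '.join(missing)}")
    names = {cfg["nameif"] for cfg in ifaces.values() if "nameif" in cfg}
    for net, mask, ifname in re.findall(r"^http (\S+) (\S+) (\S+)$", config, re.M):
        if ifname not in names:  # the '% Invalid input' Darrin hit
            findings.append(f"http {net} {mask} {ifname}: '{ifname}' is not a nameif")
        elif net == mask == "0":
            findings.append(f"http 0 0 {ifname}: ASDM open to every host on {ifname}")
    m = re.search(r"^ssl encryption (.+)$", config, re.M)
    ciphers = m.group(1).split() if m else ["des-sha1"]  # assumed default, per the 2013 post
    weak = [c for c in ciphers if c in WEAK_CIPHERS]
    return findings + [f"ssl encryption allows weak cipher(s): {' '.join(weak)}"] * bool(weak)
```

Run audit() over the output of show running-config saved to a file; an empty list means the interface, http and ssl settings the thread needed are all present.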
12-22-2011 01:04 PM
Hi Julio:
That did indeed provide access to that interface, but I am now where I was when attempting to access the 5520 via the management port. Per the 16 Dec 7:09pm post in this thread:
"Thanks for all your help with this, but it doesn't appear solved at this point. I tried your recommended commands and the device is still not serving the page. Doing a bit more digging (and using a different browser), Chrome reports the following error when attempting to access:
Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error."
The site appears to be serving the page, but there don't appear to be any common SSL encryption methods. Any suggestions on how to proceed? Is there any way to disable the initial use of SSL for serving the ASDM client?