ASA5525 ASDM authentication fails with newer images

tato386
Level 6

I have an ASA5525 that I would like to apply the latest patches to. However, upgrading to any image higher than 9.12(4)2 causes ASDM authentication to fail. I tried 9.12(4)50, 9.12(4)52 and 9.14(4)14. All of these versions cause ASDM logins to fail. Interestingly, my 5515s work fine with 9.12(4)52.

Luckily SSH works fine with those newer versions and I am able to use the CLI to roll back to the fully working 9.12(4)2.

Any ideas?

Thanks,

Diego

8 Replies

@tato386 is it definitely an authentication failure, or could it be an SSL or Java issue? On newer ASA, older/weaker SSL ciphers were deprecated, so you may need to upgrade Java.

Turn on debugs, attempt to login to ASDM and check the output of the logs.

I am fairly certain it is not an older/weaker SSL issue because I am using the same OS, Java and ASDM to manage the 5515s, which are running the newer software. The TLS settings on the two devices are identical as well.

What is a good logging command for authentication?  I guess I can do "logging buffered debug" but that generates a ton of output.

Thanks,

Diego

aaa auth local
You must make the ASA check the local DB for username/password.

Still seems like a bug to me. I have tested using SSH and ASDM with local and RADIUS (Windows NPS) and here is what I have found:

SSH/local: success
SSH/RADIUS: success
ASDM/local: success
ASDM RADIUS Test button: success
ASDM/RADIUS: FAILS

In addition to this, I have checked ASA RADIUS debugs and Windows NPS logs, and both show successful logins all around. All of this worked fine up to 9.12(4)2. After that, no go with ASDM/RADIUS anymore on the 5525. The 5515 does not seem to have any issues with newer code.

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvh99159
Check this bug.
Workaround: configure local auth, as I mentioned above.

@MHM, I agree the symptoms match my issue, but the bug says it was fixed in 9.6 and I had it working with 9.12. It broke after the 9.14 upgrade. Using local auth is not an option for me.

OK, there are two versions here, ASDM and ASA. Can you share both?

I have the following (ASA version -- ASDM version: result):

9.12(4)2 -- 7.16(1)150: 5515 OK, 5525 OK
9.12(4)50 -- 7.18(1)152: 5515 OK, 5525 fails RADIUS AUTH
9.12(4)52 -- 7.18(1)152: 5515 OK, 5525 fails RADIUS AUTH
9.14(4)14 -- 7.18(1)152: 5515 N/A, 5525 fails RADIUS AUTH
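As an added example (not posted by anyone in this thread, and not taken from the bug page), here is an ASA configuration that keeps RADIUS as the primary method for both SSH and ASDM while using the local database only as a fallback, and that narrows the debug-level logging to the AAA class instead of buffering everything. The server name NPS, the address 192.0.2.10, the interface name inside, the user diego and the key/password placeholders are assumptions.

```cisco
! Added example; NPS, 192.0.2.10, inside, diego and the placeholders are assumed.
! RADIUS server group pointing at the Windows NPS host.
aaa-server NPS protocol radius
aaa-server NPS (inside) host 192.0.2.10
 key <RADIUS-SHARED-KEY>
 authentication-port 1812
 accounting-port 1813
!
! RADIUS first for both management paths. The ASA only falls back to LOCAL
! when every server in the group is unreachable, not when RADIUS rejects the
! user, so this keeps central authentication while preventing lockout.
aaa authentication ssh console NPS LOCAL
aaa authentication http console NPS LOCAL
!
! Keep the general buffer at informational, but raise only the AAA class
! (syslog IDs in the 113xxx range) to debugging so the buffer is not flooded.
logging enable
logging buffered informational
logging class auth buffered debugging
!
! Check the RADIUS path from the ASA itself, independent of the ASDM client,
! then compare the buffered auth messages for an SSH login vs an ASDM login.
test aaa-server authentication NPS host 192.0.2.10 username diego password <PASSWORD>
show logging | include 113
```

Comparing the 113xxx messages logged for a successful SSH login against those for the failing ASDM login on the same image is what separates a RADIUS problem from a problem in the HTTP/ASDM authentication path.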
