
ASDM connection problems

Hi there, 

I am struggling to browse to ASDM, which just hangs. See below my current setup, though I have tried with other versions of ASA and ASDM.

ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-771-150.bin
ciscoasa(config)#
ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 9.4(1)
Device Manager Version 7.7(1)150

Compiled on Sat 21-Mar-15 11:43 PDT by builders
System image file is "boot:/asa941-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 14 hours 9 mins

Hardware: ASAv, 2048 MB RAM, CPU Pentium II 3591 MHz,
Internal ATA Compact Flash, 8192MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB


0: Ext: Management0/0 : address is 00a2.56fd.0800, irq 11
1: Ext: GigabitEthernet0/0 : address is 00a2.56fd.0801, irq 11
2: Ext: GigabitEthernet0/1 : address is 00a2.56fd.0802, irq 10
3: Ext: GigabitEthernet0/2 : address is 00a2.56fd.0803, irq 10
4: Ext: GigabitEthernet0/3 : address is 00a2.56fd.0804, irq 11
5: Ext: GigabitEthernet0/4 : address is 00a2.56fd.0805, irq 11
6: Ext: GigabitEthernet0/5 : address is 00a2.56fd.0806, irq 10
7: Ext: GigabitEthernet0/6 : address is 00a2.56fd.0807, irq 10

License mode: Smart Licensing
ASAv Platform License State: Unlicensed
No active entitlement: no feature tier and no throughput level configured

Licensed features for this platform:
Maximum Physical Interfaces : 10 perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Enabled perpetual
Cluster : Disabled perpetual

Licensing mode is Smart Licensing

Serial Number: 9AAF5L9CT3R

Image type : Release
Key version : A

Configuration last modified by enable_15 at 22:39:29.418 UTC Mon Apr 24 2017
ciscoasa(config)#

ciscoasa(config)# show run all ssl
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1.1 all
ssl cipher tlsv1.2 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher dtlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl dh-group group2
ssl ecdh-group group19
ssl certificate-authentication fca-timeout 2
ciscoasa(config)#

%ASA-6-725001: Starting SSL handshake with client outside:10.0.0.2/53428 to 10.0.0.252/443 for TLS session
%ASA-6-725003: SSL client outside:10.0.0.2/53428 to 10.0.0.252/443 request to resume previous session
%ASA-6-725002: Device completed SSL handshake with client outside:10.0.0.2/53428 to 10.0.0.252/443 for TLSv1.2 session
%ASA-6-302014: Teardown TCP connection 63 for outside:10.0.0.2/53425 to identity:10.0.0.252/443 duration 0:00:00 bytes 145 TCP Reset-I
%ASA-6-725007: SSL session with client outside:10.0.0.2/53426 to 10.0.0.252/443 terminated
%ASA-6-302014: Teardown TCP connection 64 for outside:10.0.0.2/53426 to identity:10.0.0.252/443 duration 0:00:00 bytes 384 TCP FINs
%ASA-6-725007: SSL session with client outside:10.0.0.2/53427 to 10.0.0.252/443 terminated
%ASA-6-302014: Teardown TCP connection 65 for outside:10.0.0.2/53427 to identity:10.0.0.252/443 duration 0:00:00 bytes 145 TCP Reset-I


Marvin Rhoads
Hall of Fame

What Java version is installed on your workstation?

Please open the Java console when attempting to connect and share the output you get from it.

Hi Marvin,

Thank you for offering to help!

I'm using 1.8.0_131-b11.

I enabled the Java console but it did not open when I initiated a connection to the ASA. On Firefox I used the browser console and got the errors below:

10.0.0.252:443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for ASA Temporary Self Signed Certificate

Error code: SEC_ERROR_UNKNOWN_ISSUER
<unknown>
TypeError: ownerDoc.location is null content.js:449:7
TypeError: docShell is null

Also, the browser console created jarfile logs with the below:

sendAsyncMessage("Browser:CertExceptionError", {
      location: ownerDoc.location.href,
      elementId: targetElement.getAttribute("id"),
      isTopFrame: (ownerDoc.defaultView.parent === ownerDoc.defaultView),
      securityInfoAsString: serializedSecurityInfo
    });
  },

It seems it's not liking the ASA self-signed certificate. While I usually generate a permanent vs. temporary one, the latter should work as well.

Depending on your PC settings, you may need to trust the ASA "site" in Java security. 

I also notice you have some next generation encryption settings in your SSL. Can you confirm if you created an RSA key to be used for your self-signed certificate? If you don't have that and instead are using an ECDSA key, that may be causing the error.
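
Added example (not part of the original thread and not Cisco tooling): a Python check of the RSA-versus-ECDSA point in the reply above, run over the `show run all ssl` lines posted in the question. It classifies OpenSSL-style suite names by the certificate key type they require, which is a naming-convention heuristic assumed here, and lists the protocol levels whose custom cipher list would leave a given key type with no usable suite.

```python
import re

# Constructed sample: the `show run all ssl` lines posted in the thread.
ASA_SSL_CONFIG = '''\
ssl server-version tlsv1.2
ssl client-version tlsv1.2
ssl cipher default custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher tlsv1.1 all
ssl cipher tlsv1.2 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl cipher dtlsv1 custom "DES-CBC3-SHA:AES128-SHA:RC4-MD5:RC4-SHA"
ssl dh-group group2
ssl ecdh-group group19
'''

CIPHER_LINE = re.compile(r'^ssl cipher (\S+) custom "([^"]+)"$')


def suite_auth(name):
    """Certificate key type an OpenSSL-style suite name requires (heuristic)."""
    if "ECDSA" in name:
        return "ecdsa"
    if name.startswith(("ADH-", "AECDH-")) or "PSK" in name or "DSS" in name:
        return "other"   # anonymous, pre-shared key or DSA: no RSA/ECDSA cert
    return "rsa"         # plain RSA, DHE-RSA-* and ECDHE-RSA-* suites


def custom_cipher_lists(config):
    """Map protocol level -> list of suites for every `custom` cipher line."""
    lists = {}
    for line in config.splitlines():
        m = CIPHER_LINE.match(line.strip())
        if m:
            lists[m.group(1)] = m.group(2).split(":")
    return lists


def levels_unusable_with(config, key_type):
    """Protocol levels whose custom list has no suite for this key type."""
    return sorted(level for level, suites in custom_cipher_lists(config).items()
                  if not any(suite_auth(s) == key_type for s in suites))


if __name__ == "__main__":
    for key in ("rsa", "ecdsa"):
        print(key, "key unusable at:", levels_unusable_with(ASA_SSL_CONFIG, key) or "none")
```

Every suite in the posted custom lists authenticates the server with an RSA key, so the check reports no usable suite for an ECDSA key at each custom level, including the `tlsv1.2` level the ASA is pinned to; the `tlsv1.1 all` line is not a custom list and is not evaluated.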
