
ASDM doesn't run from application, but runs from web browser

bkoch1
Level 1

Not sure what the deal is.

All of our firewalls are running 8.4(7.22) and ASDM 7.2.2.

The primary campus firewall works fine when running Program Files-->ASDM launcher

Our VPN firewalls only allow access to ASDM when launched from a web browser. Attempts to connect through the ASDM application respond with "Unable to connect to x.x.x.x".

5 Replies

Marvin Rhoads
Hall of Fame

It can be several things.

First check your Java. If you have a recent update, you should add your ASA(s) to the trusted sites for Java. Go via Java Control Panel, Security, and edit the trusted site list to include https://<ASA address>.

We can look into other things once you've checked that.

That's been done, but still won't connect. Other threads say it could be a certificate issue, but I've had access before to them.

If the devices are using the default self-signed certificate dynamically generated during boot-up they could have rebooted and thus changed their certificates (which would then have to be trusted anew by Java).

To avoid this, we generally try to use persistent certificates on the ASAs.

If that's the case for you, it's a good opportunity to generate a new certificate (using a 2048-bit RSA key if you don't already have one) and bind it to the interface(s) you manage from.

Generated a new key:

crypto key generate rsa mod 2048

Here is sh run ssl:

VPNWEB# sh run ssl
ssl trust-point ASDM_TrustPoint0 management

This now matches the primary firewall.

Still get "Unable to launch device manager from x.x.x.x"

If you haven't already, you need to create a new trust-point using that new rsa key. Then bind it to your interface(s).

The message below tells me Java doesn't think the ASA is in the trusted sites list yet:

Java couldn't trust Server
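
The key, trust-point and binding steps discussed in this thread, written out as an added example that is not part of the original posts. The key-pair label ASDM_KEY, the trust-point name ASDM_PERSISTENT and the subject name are placeholder assumptions; the interface name management is taken from the sh run ssl output above.

```cisco
! Added example (ASA CLI, entered from global configuration mode).
! ASDM_KEY, ASDM_PERSISTENT and the CN value are placeholder assumptions.

! 1. Generate a labelled 2048-bit RSA key pair so the trust-point can
!    reference it by name instead of relying on the default key.
crypto key generate rsa label ASDM_KEY modulus 2048

! 2. Create a self-enrolled trust-point that uses that key pair.
crypto ca trustpoint ASDM_PERSISTENT
 enrollment self
 subject-name CN=asa.example.invalid
 keypair ASDM_KEY
 exit

! 3. Issue the self-signed certificate for the trust-point.
crypto ca enroll ASDM_PERSISTENT noconfirm

! 4. Bind the trust-point to the interface ASDM connects to.
ssl trust-point ASDM_PERSISTENT management

! 5. Save, so the key pair and certificate survive a reboot.
write memory

! 6. Verify: the key pair exists, the certificate is issued, and the
!    ssl binding names the new trust-point.
show crypto key mypubkey rsa
show crypto ca certificates ASDM_PERSISTENT
show run ssl
```

Once the new trust-point is bound, the ASA presents a different certificate, so Java has to trust it anew as described earlier in the thread.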