I do not believe it is the computer.  I have tried 3 different computer's and use my main computer to manage about 10 other asa's without issue. The same thing happens on all machines.

newer asa likes the newer java, the older ones like the older java, just make sure u are running newer java if its a newer asdm software.

also make sure the ports are accessible thru firewall rules

I have other ASA's at the same revision. I can connect to them, but I set them up from scratch.  I inherited this one and it was originally setup not to use HTTP.  I do not see anything in the conf (see attached file) that would block the connection. This is why I am at a loss.

not sure what port u are trying to connect from but try this depending on the port u

are connected to

http 192.168.100.0 255.255.255.0 inside

http 192.168.10.0 255.255.255.0 inside

if u inhereted it, best thing to do is reset it and manage it from management and start over...here is CLI command to reset...after it resets plug it into management port and config as desired thru asdm

en
<enter>
<password>
config t
config factory-default
reload save-config noconfirm

Yes, I know a reset to factory would allow it to do what I need, but I am trying to avoid that because it has a site-to-site vpn tunnel connected and do not want to take that down.  I will use that as a last resort.

I was hoping someone would look at the attached config and say "OH! There's your problem. Change this to that and it should work."

It could be that the ASDM image is corrupt.  I suggest removing it and then get your hands on a known working version (from one of your other ASAs for example) and copy that into the ASA and try from there.

--

Please remember to select a correct answer and rate helpful posts

I don't know if it makes a difference or not, but comparing this config with others I have, I notices one difference I have not seen before.  This config shows 2 boot image files being loaded.  Could that have something to do with the issue?  See below.

this might sound silly...but are you trying to connect thru the management port? if u are..... then maybe as Marius Gunnerud said, image may be corrupt.  

I have tried it from an inside machine at a 192.168.100.xxx ip address and I have tried it from an outside address of XXX.XXX.0.0 which is my office IP address that I maintain about 15 other ASA's of various flavors.

Hi,

It's a very long discussion so i would request you to update the details on this issue once again please:-

ASDM image Version:-

ASA device version:-

JAVA update

Outputs of :-

show run asdm

show run aaa

show run http

ahso asp table soc

show run all ssl

show vers

Thanks and Regards,

Vibhor Amrodia

I checked a couple of other configs I have for other devices and do not see the entries for "boot system disk" or for "asdm image" in the ones that I have setup and are working correctly. 

Two questions.

What are the entries for?

If removed, would the device reboot and come back to the same state it is currently in?

show running-config boot system

hostname(config)# show running-config boot system

boot system disk0:/cdisk.bin

boot system disk0:/asa841-smp-k9.bin

Shows the current boot images configured (up to 4). The ASA uses the images in the order listed; if the first image is unavailable, the next image is used, and so on. You cannot insert a new image URL at the top of the list; to specify the new image to be first, you must remove any existing entries, and enter the image URLs in the order desired, according to the following steps.

--------------------------------------------------------

no boot system {disk0:/ | disk1:/ }[path /] asa_image_name

hostname(config)# no boot system disk0:/cdisk.bin

hostname(config)# no boot system disk0:/asa841-smp-k9.bin

Removes any existing boot image configurations so you can enter the new boot image as your first choice.

-----------------------------------------------------------------------

before u go flashing anything, i would recomend that you just do a regular factory reset and see if it fixes the issue.

try the command above, just change it to match your network subnet