12-28-2010 05:58 PM - edited 03-11-2019 12:28 PM
Hello All,
Recently I have determined that one of my neighbor's teenagers has decided to refine his hacking skills on my home network. So I thought it might be a good time to make an investment into a Cisco ASA 5505 Appliance.
Here is my issue: when I enter the management IP address (https://192.168.1.1/admin), a webpage appears asking to "continue to the website", so I select this option. The Cisco ASDM 6.2(1) appears. There are three options to select: Install ASDM Launcher and Run ASDM, Run ASDM, and Run Startup wizard. If I select "Install ASDM Launcher" I receive an error when entering the password. Eventually I'll cancel after several attempts and get an "Authorization error" from IE. I am receiving the same response for the other two options. I have set the firewall to the factory default. I am running Java version 6 update 23 (build 1.6.0_23-b05) 32 & 64 bit for IE browsers since I have both versions.
What am I doing wrong? I have been at this all day. I need the expertise of someone who obviously understands this better than I do. I have already had one bad experience by purchasing a used PIX 501. Never got it to work. This time I decided to purchase something new with more features.
12-28-2010 06:17 PM
Interesting.
no userID no password doesn't work?
Try the above combo and let us know.
By default, there is no Username and Password set for the Cisco ASDM Launcher.
Leave the Username and Password fields blank.
-KS
12-28-2010 07:04 PM
Thank you for your response. I have already tried that.
I am wondering if I may need to reset the config-registry. Question: if I were to do this, will I lose my licensing for the appliance?
12-28-2010 07:14 PM
I can access the ASA from the console but would prefer to setup the ASA using the ASDM. Here is the current config
ciscoasa# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password TGC9Z8acq7BhAjhu encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:94d7c2efc42635bd6d9037afeba1cc88
: end
ciscoasa#
12-28-2010 08:44 PM
Add the following commands via console and see if you can login via asdm using the ID cisco and password cisco123 when you go to https://192.168.1.1 on the browser. No need for "admin" after the IP address.
conf t
username cisco password cisco123 priv 15
aaa authentication http console LOCAL
-KS
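An added example (not part of the original posts and not Cisco tooling): a small Python check over a saved `show running-config` that reports how ASDM/HTTPS management access is authenticated, which is the setting that `aaa authentication http console LOCAL` changes in the reply above. The sample configs are constructed from lines posted in this thread; the hash in the `username` line is a placeholder, and treating `inside` as the only expected management interface is an assumption taken from this config.

```python
import ipaddress
import re

# Constructed samples: management-related lines from the running-config posted
# in this thread, then the same lines with the two commands from the fix added.
BEFORE = """\
enable password TGC9Z8acq7BhAjhu encrypted
http server enable
http 192.168.1.0 255.255.255.0 inside
"""
AFTER = BEFORE + """\
username cisco password PLACEHOLDERHASH encrypted privilege 15
aaa authentication http console LOCAL
"""

def audit_asdm_access(config):
    """Summarise who can reach ASDM and how the login is checked."""
    lines = [ln.strip() for ln in config.splitlines()]
    enabled = any(re.match(r"http server enable\b", ln) for ln in lines)
    allowed = []
    for ln in lines:
        m = re.match(r"http (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$", ln)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            allowed.append((str(net), m.group(3)))
    # Server group named after "aaa authentication http console", if any.
    aaa = next((ln.split()[4] for ln in lines
                if ln.startswith("aaa authentication http console ")), None)
    admins = [m.group(1) for ln in lines
              if (m := re.match(r"username (\S+) .*\bprivilege 15\b", ln))]
    findings = []
    if enabled and aaa is None:
        # Without this line ASDM takes a blank username plus the enable password.
        findings.append("ASDM login uses the shared enable password, not user accounts")
    if aaa == "LOCAL" and not admins:
        findings.append("LOCAL authentication set but no privilege 15 user exists")
    for net, iface in allowed:
        # Assumption: "inside" is the only interface expected to serve ASDM.
        if net == "0.0.0.0/0" or iface != "inside":
            findings.append(f"ASDM reachable from {net} on {iface}")
    return {"enabled": enabled, "allowed": allowed, "aaa": aaa,
            "admins": admins, "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_asdm_access(cfg))
```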
12-29-2010 05:33 AM
Looks like your suggestion works. Thank you so much.
Have a great day
12-29-2010 07:12 AM
Glad to hear. Pls. mark the thread answered if you believe the issue is resolved.
Thanks,
KS
12-29-2010 11:20 AM
One other quick question: I am trying to access the internet through the firewall. Not working.
I added a default route statement hoping that would resolve my routing issue. Any ideas based on the configuration I sent you?
Thanks
12-29-2010 11:46 AM
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
That is all you need for internet access from the inside in addition to permission and route. You said you already added the route. Make sure you do not have any typos. No permission is needed to go from high sec to low sec.
1. Ping the router upstream from the ASA and make sure it works.
2. What DNS servers are you using?
3. Do you get name resolution?
4. Can u load pages using IP address on the browser? http://74.125.39.99 work?
5. can u ping the asa's inside interface from the PC?
If layer 3 doesn't work then we have to fall back to layer 2 and issue "debug arp" and see what is going on.
The thread should also be marked as solved as the original problem is resolved.
-KS
12-29-2010 01:17 PM
That is all you need for internet access from the inside in addition to permission and route. You said you already added the route. Make sure you do not have any typos. No permission is needed to go from high sec to low sec.
1. Ping the router upstream from the ASA and make sure it works. Able to Ping Router (Internal 192.168.1.1). ASDM does not show an IP for the outgoing e0/0 interface.
2. What DNS servers are you using? Comcast
3. Do you get name resolution? Yes
4. Can u load pages using IP address on the browser? http://74.125.39.99 work? No
5. can u ping the asa's inside interface from the PC? Yes
If layer 3 doesn't work then we have to fall back to layer 2 and issue "debug arp" and see what is going on.
The thread should also be marked as solved as the original problem is resolved. Do I need to open another thread for this issue?
-KS
12-29-2010 04:56 PM
If you could spin up a new thread that would be great. This is simply for the benefit of our other readers. They will search on ASDM launching issue and find this thread and choose to read the response that is marked as having solved the issue.
If we start troubleshooting nat, route and dhcp issues in this thread that will just confuse the readers.
Get on CLI (console) and do the following:
1. sh ip (make sure the outside interface shows an IP address)
2. enable logging
conf t
logging enable
logging buffered 7
exit
sh logg | i x.x.x.x where x.x.x.x is your client IP address when it tried to go out to the interface.
3. from the ASA ping the upstream ISP router
Let me know the results in another thread if you decide to spin one up. It is very easy to do.
-KS
01-02-2018 11:11 AM
I believe I'm having the same issue but I'm a bit confused on the instructions. What is the purpose of the command "aaa authentication http console LOCAL"? I have set my ASA to factory default and determined the management port IP to input into Internet Explorer. When I do this, I'm taken to download ASDM launcher, however, a window pops up stating "the server is asking for your user name and password. The server reports that it is from Authentication." This is followed by a username and password entry. All combinations I've tried do not work and I'm unsure of how to proceed from here. Any help would be greatly appreciated!
06-07-2018 12:39 PM
11-12-2019 10:28 AM
OK, mac user here. For me, it was simply a browser issue. Safari and Chrome failed to download the dmg with an auth error, regardless of user / pass. But Firefox worked (with blank user/pass). So try a different browser first just in case it's that simple.
10-08-2021 12:10 PM
I am also facing the same issue. If you found any helpful guide, please let me know. Thanks