ASDM-IDM Unable to launch device manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2014 11:52 AM - edited 03-10-2019 06:07 AM
Hi,
I am having trouble trying to log into my IPS 4260 sensor using ASDM-IDM. When I try to login I get the error message "Unable to launch device manager". When I look in the Java console I see a few of these messages:
"javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake"
I do have access to the sensor over SSH and I have done a tls generate-key. I am also able to access the sensor using IPS Manager Express, just not ASDM-IDM. The ASDM-IDM application I am using does work for my ASA 5525 and 5520s.
Does anyone know why I might be getting this error message?
- Labels:
-
IPS and IDS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2014 01:58 PM
Can you get to the sensor via web interface? Try that and launch IDM from there, could be some issues with the local install. I have had similar issues before.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2014 02:03 PM
When I try that I get a window that says "Unable to launch the application". After clicking the "Details" button, I get this message:
com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://10.1.1.18/public/idm/idm.jnlp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2014 05:37 PM
Time to troubleshoot, can you ping the sensor from your desktop? Do you have console access to it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2014 08:32 AM
Yes I can ping it and I am able to connect to it using IPS Manager Express as noted in the original question. I don't have console access as it's in another location but I can access it over SSH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2014 09:34 AM
I removed Java 7 and installed Java 6 update 45. Now launching ASDM from the webpage works.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2014 01:30 PM
Yes ASDM-IDM application does not support Java 7.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2015 08:43 AM
Solved.
That's Java issue. I'm running mac 10.9.5.
IPS 7.1 recommend Java JRE 1.5 or 1.6
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/release/notes/release7_1_10.html
How ever downgrading from Java 8 to Java 6 to get an application to work. But had no luck.
You must ensure that your JRE is truely 1.5 or 1.6
This works on downgrading 8 to 6
https://support.apple.com/en-us/HT202643
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2014 05:32 AM
can you post your show version output.
also the sh run ssl output.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-14-2014 01:40 PM
I had the same issue and was able to resolve this by doing the following:
First of all add the site to the Exception site list:
From Java control panel, click security click edit site list and add your device https://x.x.x.x
Next, adjust your SSL settings:
From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0".
Hope you had the same luck with this solution that I did.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-08-2014 05:25 AM
I had to do what Brian did, and some more.
First I did Brian Green's steps of changing the SSL/TLS versions.
From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0"
Then, I also had to import the certificate files a very specific way. Fortunately getting into the Java options from Brian's hint opened up Pandora's box here, plus a little wireshark debugging made me certain that MY PC did NOT LIKE the certificate.
Here's what I did (all steps after 1-3 from Java Control Panel)
- Go to the https page for the ASA in your browser
- Click the Lock Icon in the Address Bar, and go thru the usual to export the certificate.
- Change the .pem or .crt extension to .csr
- Just as a precaution, from Java Settings Panel's Security tab > Network Settings do not use any https proxies, use 'Direct connection'
- Now go to the Security tab
- add your ASA's https:// URL to the 'Exceptions' Sites list
- Click the 'Manage Certificates' button
- THIS IS KEY >>> Pull the drop-down 'Certifcate Type' menu down and select 'Secure Site'
- Remain on the 'User' tab and click 'Import'
- Now import the .csr certifiate file that the ASA will present in the handshake that you saved in steps 1-3
- Click Apply and OK in the Java Security Setting
- Now try the ASA.... ;)
By the way the default 'High' securiy level worked just fine for me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2014 04:20 AM
Thanks a million Bernard. Following through this procedure finally resolved both ASDM and SSH access to my ASA after I installed version 9.2(2)4 and they both went in-op.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2015 06:01 AM
hello all,
this solution didn't worked for me either. I had JRE 1.8.0.25, I think it was latest version for that moment.
then I installed 1.7.0.71 and what I did next:
1. added my host URL to exceptions list
2. unchecked "use TLS1.2"
3. checked "Use SSL2.0 compatible ClientHello Format"
you can find in the attachment screenshots of my settings (sorry for ugly lines)
thats all
p.s. it wasn't ASA ASDM, it was UCS CIMC, but I think all the same Java
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2015 06:46 AM
I looked at your screenshot. Try unchecking the use TLS 1.1 and see if that works.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2015 01:07 AM
I'm sorry for misleading I meant that with Java 1.8.0.2 it didn't works.
But it indeed did worked when I did what I said (and what showed at the screenshot) despite "TLS1.1" option was checked.
Ruslan
