07-31-2011 07:11 AM - edited 03-11-2019 02:06 PM
Hi,
ADSM on our ASA was working last week but today I tried to access ASDM as usual and this time it will not launch. I have the ASDM client on my PC and when I run it from there, it says Unable to launch the device manager. When I try to run the java client, it says web page unavailable. I have tried from different PC's with the same results.
This line is in the ASA:
asdm image disk0:/asdm-613.bin
Any help would be appreciated.
Thanks,
Mark
07-31-2011 08:30 AM
Mark
Here are several suggestions which I hope might be helpful:
- have there been configuration changes on the ASA recently? If so what changed on the ASA and is it possible that the config change is impacting ASDM?
- can you access the ASA via console, via SSH, or via telnet? If so can you check the logs on the ASA at the time when you attempted ASDM and see if there are any helpful messages in the logs?
- There is a limit on the number of simultaneous ASDM sessions. Is it possible that other people are running ASDM and there is not capacity for another ASDM session?
- I have seen situations where updating the version of java on the PC has impacted ASDM. Have you recently updated the java software on the PC?
HTH
Rick
07-31-2011 09:00 AM
Hello Mark,
Please refer to this document by one of my collegues. This talks about all the issues related to ASDM access.
https://supportforums.cisco.com/docs/DOC-15016
Hope this helps.
Regards,
Chirag
07-31-2011 10:00 AM
if you can access the cli the following should be set in order to access the asdm.
http server enable
http server 0.0.0.0 0.0.0.0 inside
asdm image disk0:/asdm-615.bin
!
aaa authentication http console LOCAL
!
username cisco password cisco123 priv 15
!
If that's in the it should work. You may also want to enter a "dir" and check that the asdm image is actually loaded on the device.
07-31-2011 03:51 PM
I appreciate the replies. I have checked the troubleshooting documents and requirements and it appears that I am good to go. We have made a few changes to add VPN connections since it was working. But everything that is listed that is needed for ASDM to work is still there. The config is below.
Any other ideas?
Thanks,
Mark
ASA Version 8.0(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password mDnUbb1nQkpe6eG9 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 97.0.0.250 tarantella
name 172.31.255.3 MGMT_HOST description Remote Network Management
name 97.0.0.56 axis-camera-1
name 10.99.0.60 axis-camera-2
!
interface GigabitEthernet0/0
nameif CABLE
security-level 0
ip address 95.36.115.66 255.255.255.248
!
interface GigabitEthernet0/1
shutdown
nameif DSL
security-level 0
ip address 64.173.93.28 255.255.255.128
!
interface GigabitEthernet0/2
nameif FIBER
security-level 0
ip address 25.181.205.2 255.255.255.240
!
interface GigabitEthernet0/3
nameif inside
security-level 100
ip address 97.0.0.100 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list 100 extended permit tcp any host 25.181.205.2 eq 3144
access-list 100 extended permit tcp any host 25.181.205.2 eq 8080
access-list 100 extended permit tcp any host 25.181.205.2 eq 100
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit tcp any host 25.181.205.2 eq https
access-list 100 extended permit tcp any host 25.181.205.2 eq www
access-list 100 extended permit tcp any host 25.181.205.2 eq 8081
access-list 100 extended permit tcp any host 25.181.205.2 eq 8082
access-list 80 extended permit ip any 192.168.222.0 255.255.255.0
access-list 80 extended permit ip any 172.31.253.0 255.255.254.0
access-list 80 extended permit ip host 97.0.0.50 192.168.223.0 255.255.255.240
access-list 80 extended permit ip any 192.168.222.0 255.255.255.224
access-list GLSVPN extended permit ip 10.1.100.0 255.255.255.0 172.31.253.0 255.255.254.0
access-list GLSVPN extended permit ip 172.17.254.0 255.255.255.0 172.31.253.0 255.255.254.0
access-list DSIVPNUser_splitTunnelAcl standard permit host 97.0.0.50
access-list DSIAdminUsers_splitTunnelAcl standard permit any
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap errors
logging asdm informational
mtu CABLE 1500
mtu DSL 1500
mtu FIBER 1500
mtu inside 1500
ip local pool VPNPOOL 192.168.222.1-192.168.222.10
ip local pool AdminPool 192.168.222.11-192.168.222.20
ip local pool TestPool 1.1.1.2-1.1.1.254 mask 255.255.255.0
ip audit name DSI-Attack attack action alarm drop reset
ip audit name DSI-Alarm info action alarm
ip audit interface FIBER DSI-Alarm
ip audit interface FIBER DSI-Attack
ip audit interface inside DSI-Alarm
ip audit interface inside DSI-Attack
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo DSL
icmp permit any echo-reply DSL
icmp permit any unreachable DSL
icmp permit any unreachable FIBER
icmp permit any echo FIBER
icmp permit any echo-reply FIBER
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (DSL) 1 interface
global (FIBER) 1 interface
nat (inside) 0 access-list 80
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,FIBER) tcp interface 8080 tarantella 8080 netmask 255.255.255.255
static (inside,FIBER) tcp interface 3144 tarantella 3144 netmask 255.255.255.255
static (inside,FIBER) tcp interface telnet 97.0.0.2 telnet netmask 255.255.255.255
static (inside,FIBER) tcp interface 2222 97.0.0.179 ssh netmask 255.255.255.255
static (inside,FIBER) tcp interface 100 10.18.0.88 100 netmask 255.255.255.255
static (inside,FIBER) tcp interface https 97.0.0.34 https netmask 255.255.255.255
static (inside,FIBER) tcp interface www 97.0.0.34 www netmask 255.255.255.255
static (inside,FIBER) tcp interface 8081 axis-camera-1 www netmask 255.255.255.255
static (inside,FIBER) tcp interface 8082 axis-camera-2 www netmask 255.255.255.255
access-group 100 in interface FIBER
route FIBER 0.0.0.0 0.0.0.0 25.181.205.1 254
route inside 10.0.0.0 255.0.0.0 97.0.0.3 1
route inside 10.2.0.0 255.255.0.0 97.0.0.3 1
route inside 10.3.0.0 255.255.0.0 97.0.0.3 1
route inside 10.4.0.0 255.255.0.0 97.0.0.3 1
route inside 10.8.0.0 255.255.0.0 97.0.0.3 1
route inside 10.12.0.0 255.255.0.0 97.0.0.3 1
route inside 10.31.0.0 255.255.0.0 97.0.0.3 1
route inside 10.41.0.0 255.255.0.0 97.0.0.3 1
route inside 10.99.0.0 255.255.0.0 97.0.0.3 1
route inside 172.17.253.0 255.255.255.0 97.0.0.235 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
url-server (inside) vendor websense host 97.0.0.87 timeout 10 protocol TCP version 4 connections 5
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 88
type echo protocol ipIcmpEcho 96.36.115.65 interface CABLE
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 88 life forever start-time now
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DCMAP 10 set pfs
crypto dynamic-map DCMAP 10 set transform-set TSET
crypto dynamic-map DCMAP 10 set security-association lifetime seconds 28800
crypto dynamic-map DCMAP 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map inside_dyn_map 20 set pfs
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map inside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map CMAP 1 match address GLSVPN
crypto map CMAP 1 set peer 66.129.114.59
crypto map CMAP 1 set transform-set ESP-3DES-MD5
crypto map CMAP 1 set security-association lifetime seconds 28800
crypto map CMAP 1 set security-association lifetime kilobytes 4608000
crypto map CMAP 10 ipsec-isakmp dynamic DCMAP
crypto map CMAP interface FIBER
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable FIBER
crypto isakmp enable inside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
track 1 rtr 88 reachability
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 FIBER
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy ASAVPN internal
group-policy ASAVPN attributes
dns-server value 24.217.0.3 63.162.197.99
vpn-tunnel-protocol IPSec svc
default-domain value dsidsi.com
group-policy DSIAdminUsers internal
group-policy DSIAdminUsers attributes
dns-server value 97.0.0.21 97.0.0.22
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DSIAdminUsers_splitTunnelAcl
default-domain value dsi.local
group-policy DSIVPNUser internal
group-policy DSIVPNUser attributes
dns-server value 97.0.0.21 97.0.0.22
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DSIVPNUser_splitTunnelAcl
default-domain value dsi.local
username test password hmQhTUMT1T5Z4KHC encrypted
username test attributes
vpn-group-policy DSIAdminUsers
username akipper password 9PojOPiG2IXFp42B encrypted privilege 0
username akipper attributes
vpn-group-policy ASAVPN
username user1 password 0dldJICVF//EH4X3 encrypted
username user1 attributes
vpn-group-policy DSIVPNUser
username t.reese password JvMrGsialw4hFL/z encrypted privilege 15
username mark password g2vDAdNY1Hx6WOoS encrypted privilege 15
username mark attributes
vpn-group-policy DSIAdminUsers
tunnel-group DefaultRAGroup general-attributes
address-pool (FIBER) VPNPOOL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPOOL
tunnel-group ASAVPN type remote-access
tunnel-group ASAVPN general-attributes
address-pool VPNPOOL
default-group-policy ASAVPN
tunnel-group ASAVPN ipsec-attributes
pre-shared-key *
tunnel-group 66.129.114.59 type ipsec-l2l
tunnel-group 66.129.114.59 ipsec-attributes
pre-shared-key *
tunnel-group DSIVPNUser type remote-access
tunnel-group DSIVPNUser general-attributes
address-pool VPNPOOL
default-group-policy DSIVPNUser
tunnel-group DSIVPNUser ipsec-attributes
pre-shared-key *
tunnel-group DSIAdminUsers type remote-access
tunnel-group DSIAdminUsers general-attributes
address-pool (FIBER) AdminPool
default-group-policy DSIAdminUsers
tunnel-group DSIAdminUsers ipsec-attributes
pre-shared-key *
tunnel-group TestUser type remote-access
tunnel-group TestUser general-attributes
address-pool (FIBER) AdminPool
default-group-policy DSIAdminUsers
tunnel-group TestUser ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:dfb0accab0916d7f7f3a886c6c7d1ca2
: end
ASA Version 8.0(4)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password mDnUbb1nQkpe6eG9 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 97.0.0.250 tarantella
name 172.31.255.3 MGMT_HOST description Remote Network Management
name 97.0.0.56 axis-camera-1
name 10.99.0.60 axis-camera-2
!
interface GigabitEthernet0/0
nameif CABLE
security-level 0
ip address 95.36.115.66 255.255.255.248
!
interface GigabitEthernet0/1
shutdown
nameif DSL
security-level 0
ip address 64.173.93.28 255.255.255.128
!
interface GigabitEthernet0/2
nameif FIBER
security-level 0
ip address 25.181.205.2 255.255.255.240
!
interface GigabitEthernet0/3
nameif inside
security-level 100
ip address 97.0.0.100 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list 100 extended permit tcp any host 25.181.205.2 eq 3144
access-list 100 extended permit tcp any host 25.181.205.2 eq 8080
access-list 100 extended permit tcp any host 25.181.205.2 eq 100
access-list 100 extended permit icmp any any echo-reply
access-list 100 extended permit tcp any host 25.181.205.2 eq https
access-list 100 extended permit tcp any host 25.181.205.2 eq www
access-list 100 extended permit tcp any host 25.181.205.2 eq 8081
access-list 100 extended permit tcp any host 25.181.205.2 eq 8082
access-list 80 extended permit ip any 192.168.222.0 255.255.255.0
access-list 80 extended permit ip any 172.31.253.0 255.255.254.0
access-list 80 extended permit ip host 97.0.0.50 192.168.223.0 255.255.255.240
access-list 80 extended permit ip any 192.168.222.0 255.255.255.224
access-list 80 extended permit ip 97.0.0.0 255.255.255.0 192.168.222.0 255.255.255.0
access-list 80 extended permit ip 10.1.1.0 255.255.255.0 192.168.222.0 255.255.255.0
access-list GLSVPN extended permit ip 10.1.100.0 255.255.255.0 172.31.253.0 255.255.254.0
access-list GLSVPN extended permit ip 172.17.254.0 255.255.255.0 172.31.253.0 255.255.254.0
access-list DSIVPNUser_splitTunnelAcl standard permit host 97.0.0.50
access-list DSIAdminUsers_splitTunnelAcl standard permit any
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap errors
logging asdm informational
mtu CABLE 1500
mtu DSL 1500
mtu FIBER 1500
mtu inside 1500
ip local pool VPNPOOL 192.168.222.1-192.168.222.10
ip local pool AdminPool 192.168.222.11-192.168.222.20
ip local pool TestPool 1.1.1.2-1.1.1.254 mask 255.255.255.0
ip audit name DSI-Attack attack action alarm drop reset
ip audit name DSI-Alarm info action alarm
ip audit interface FIBER DSI-Alarm
ip audit interface FIBER DSI-Attack
ip audit interface inside DSI-Alarm
ip audit interface inside DSI-Attack
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo DSL
icmp permit any echo-reply DSL
icmp permit any unreachable DSL
icmp permit any unreachable FIBER
icmp permit any echo FIBER
icmp permit any echo-reply FIBER
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (DSL) 1 interface
global (FIBER) 1 interface
nat (inside) 0 access-list 80
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,FIBER) tcp interface 8080 tarantella 8080 netmask 255.255.255.255
static (inside,FIBER) tcp interface 3144 tarantella 3144 netmask 255.255.255.255
static (inside,FIBER) tcp interface telnet 97.0.0.2 telnet netmask 255.255.255.255
static (inside,FIBER) tcp interface 2222 97.0.0.179 ssh netmask 255.255.255.255
static (inside,FIBER) tcp interface 100 10.18.0.88 100 netmask 255.255.255.255
static (inside,FIBER) tcp interface https 97.0.0.34 https netmask 255.255.255.255
static (inside,FIBER) tcp interface www 97.0.0.34 www netmask 255.255.255.255
static (inside,FIBER) tcp interface 8081 axis-camera-1 www netmask 255.255.255.255
static (inside,FIBER) tcp interface 8082 axis-camera-2 www netmask 255.255.255.255
access-group 100 in interface FIBER
route FIBER 0.0.0.0 0.0.0.0 25.181.205.1 254
route inside 10.0.0.0 255.0.0.0 97.0.0.3 1
route inside 10.2.0.0 255.255.0.0 97.0.0.3 1
route inside 10.3.0.0 255.255.0.0 97.0.0.3 1
route inside 10.4.0.0 255.255.0.0 97.0.0.3 1
route inside 10.8.0.0 255.255.0.0 97.0.0.3 1
route inside 10.12.0.0 255.255.0.0 97.0.0.3 1
route inside 10.31.0.0 255.255.0.0 97.0.0.3 1
route inside 10.41.0.0 255.255.0.0 97.0.0.3 1
route inside 10.99.0.0 255.255.0.0 97.0.0.3 1
route inside 172.17.253.0 255.255.255.0 97.0.0.235 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
url-server (inside) vendor websense host 97.0.0.87 timeout 10 protocol TCP version 4 connections 5
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 88
type echo protocol ipIcmpEcho 96.36.115.65 interface CABLE
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 88 life forever start-time now
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DCMAP 10 set pfs
crypto dynamic-map DCMAP 10 set transform-set TSET
crypto dynamic-map DCMAP 10 set security-association lifetime seconds 28800
crypto dynamic-map DCMAP 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map inside_dyn_map 20 set pfs
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map inside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map CMAP 1 match address GLSVPN
crypto map CMAP 1 set peer 66.129.114.59
crypto map CMAP 1 set transform-set ESP-3DES-MD5
crypto map CMAP 1 set security-association lifetime seconds 28800
crypto map CMAP 1 set security-association lifetime kilobytes 4608000
crypto map CMAP 10 ipsec-isakmp dynamic DCMAP
crypto map CMAP interface FIBER
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable FIBER
crypto isakmp enable inside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
track 1 rtr 88 reachability
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 FIBER
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy ASAVPN internal
group-policy ASAVPN attributes
dns-server value 24.217.0.3 63.162.197.99
vpn-tunnel-protocol IPSec svc
default-domain value dsidsi.com
group-policy DSIAdminUsers internal
group-policy DSIAdminUsers attributes
dns-server value 97.0.0.21 97.0.0.22
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DSIAdminUsers_splitTunnelAcl
default-domain value dsi.local
group-policy DSIVPNUser internal
group-policy DSIVPNUser attributes
dns-server value 97.0.0.21 97.0.0.22
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DSIVPNUser_splitTunnelAcl
default-domain value dsi.local
username test password hmQhTUMT1T5Z4KHC encrypted
username test attributes
vpn-group-policy DSIAdminUsers
username akipper password 9PojOPiG2IXFp42B encrypted privilege 0
username akipper attributes
vpn-group-policy ASAVPN
username user1 password 0dldJICVF//EH4X3 encrypted
username user1 attributes
vpn-group-policy DSIVPNUser
username t.reese password JvMrGsialw4hFL/z encrypted privilege 15
username mark password g2vDAdNY1Hx6WOoS encrypted privilege 15
username mark attributes
vpn-group-policy DSIAdminUsers
tunnel-group DefaultRAGroup general-attributes
address-pool (FIBER) VPNPOOL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPOOL
tunnel-group ASAVPN type remote-access
tunnel-group ASAVPN general-attributes
address-pool VPNPOOL
default-group-policy ASAVPN
tunnel-group ASAVPN ipsec-attributes
pre-shared-key *
tunnel-group 66.129.114.59 type ipsec-l2l
tunnel-group 66.129.114.59 ipsec-attributes
pre-shared-key *
tunnel-group DSIVPNUser type remote-access
tunnel-group DSIVPNUser general-attributes
address-pool VPNPOOL
default-group-policy DSIVPNUser
tunnel-group DSIVPNUser ipsec-attributes
pre-shared-key *
tunnel-group DSIAdminUsers type remote-access
tunnel-group DSIAdminUsers general-attributes
address-pool (FIBER) AdminPool
default-group-policy DSIAdminUsers
tunnel-group DSIAdminUsers ipsec-attributes
pre-shared-key *
tunnel-group TestUser type remote-access
tunnel-group TestUser general-attributes
address-pool (FIBER) AdminPool
default-group-policy DSIAdminUsers
tunnel-group TestUser ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
: end
11-29-2012 09:45 AM
Thanks, my asdm image statement was pointing at a bin file that didnt even exist on the flash.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide