10-12-2014 01:43 AM - edited 02-21-2020 05:18 AM
I am able to login through cli but with the same credentials if i access ASDM its saying "Login failed".
Cisco Adaptive Security Appliance Software Version 9.1(5)10
Device Manager Version 7.3(1)
Compiled on Thu 03-Jul-14 09:45 PDT by builders
System image file is "disk0:/asa915-10-smp-k8.bin"
Config file at boot was "startup-config"
ASA up 24 days 2 hours
failover cluster up 36 days 16 hours
Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
0: Int: Internal-Data0/0 : address is 18e7.282e.8a5d, irq 11
1: Ext: GigabitEthernet0/0 : address is 18e7.282e.8a62, irq 5
2: Ext: GigabitEthernet0/1 : address is 18e7.282e.8a5e, irq 5
3: Ext: GigabitEthernet0/2 : address is 18e7.282e.8a63, irq 10
4: Ext: GigabitEthernet0/3 : address is 18e7.282e.8a5f, irq 10
5: Ext: GigabitEthernet0/4 : address is 18e7.282e.8a64, irq 5
6: Ext: GigabitEthernet0/5 : address is 18e7.282e.8a60, irq 5
7: Ext: GigabitEthernet0/6 : address is 18e7.282e.8a65, irq 10
8: Ext: GigabitEthernet0/7 : address is 18e7.282e.8a61, irq 10
9: Ext: GigabitEthernet1/0 : address is 00e0.ed24.35d0, irq 11
10: Ext: GigabitEthernet1/1 : address is 00e0.ed24.35d1, irq 5
11: Ext: GigabitEthernet1/2 : address is 00e0.ed24.35d2, irq 5
12: Ext: GigabitEthernet1/3 : address is 00e0.ed24.35d3, irq 11
13: Ext: GigabitEthernet1/4 : address is 00e0.ed24.35d4, irq 11
14: Ext: GigabitEthernet1/5 : address is 00e0.ed24.35d5, irq 5
15: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
16: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
17: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
18: Ext: Management0/0 : address is 18e7.282e.8a5d, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 5 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 10 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 100 perpetual
Total UC Proxy Sessions : 100 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Enabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
This platform has an ASA5525 VPN Premium license.
Failover cluster licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 10 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 20 perpetual
AnyConnect Essentials : 750 perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 200 perpetual
Total UC Proxy Sessions : 200 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Enabled perpetual
IPS Module : Disabled perpetual
Cluster : Enabled perpetual
ASA# dir disk0:
Directory of disk0:/
10 drwx 4096 14:56:22 Feb 21 2014 log
21 drwx 4096 09:04:42 Sep 14 2014 crypto_archive
22 drwx 4096 14:56:56 Feb 21 2014 coredumpinfo
103 -rwx 369920 02:58:02 Sep 17 2014 crash.txt
104 -rwx 17851400 15:00:26 Feb 21 2014 asdm-66114.bin
105 -rwx 38191104 03:55:16 Aug 31 2014 asa912-smp-k8.bin
106 -rwx 25088760 06:17:18 Sep 02 2014 asdm-731.bin
107 -rwx 38025216 06:16:26 Sep 02 2014 asa915-10-smp-k8.bin
108 -rwx 35468146 02:14:58 Sep 03 2014 anyconnect-win-3.1.05182-k9.pkg
109 -rwx 11612177 01:50:50 Sep 04 2014 anyconnect-macosx-i386-3.1.05182-k9.pkg
ASA# sh run http
http server enable
http 10.10.10.0 255.255.255.0 management
ASA# sh run ssl
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ASA# sh run asdm
asdm image disk0:/asdm-731.bin
ASA# sh run aaa
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
My java version is
version 8 update 20
Solved! Go to Solution.
10-12-2014 01:31 PM
You may need to register your ASA certificate with Java. Reference this document.
You can export the certificate without using ASDM - use your browser's toolbar after having browsed to the ASA.
10-12-2014 01:31 PM
You may need to register your ASA certificate with Java. Reference this document.
You can export the certificate without using ASDM - use your browser's toolbar after having browsed to the ASA.
10-14-2014 03:20 AM
Thanks for the input Marvin,Few interesting observations i did try the above method using ASDM like few of the steps below.
But it didnt work initially then later i had to create a new username then it started working.
10-14-2014 09:57 AM
You're welcome - glad it's now working for you.
Please rate your question as answered if it helped.
10-14-2014 12:18 PM
Sure Marv,What do you think it worked with new username...
10-14-2014 12:20 PM
Hard to say but one plausible explanation is that someone changed the password associated with the old username by mistake.
You'd have to compare a working and non-working copy of the config (if you have them) to see if the hashed value for the password was different.
10-14-2014 12:38 PM
ohh i tried that....iam the only one with access..is something related to max usn/pwd limitations...cos the one which worked was simple cisco usn..
10-14-2014 01:06 PM
Hmm.
Well as of ASA 8.4(2) they eliminated the ability to use the old "asa" default username. That shouldn't be an issue with your 9.1 though.
Local password policy restrictions became available as of 9.1(2) (and 8.4(4.1)) but that too shouldn't affect you. Beside, the default is not to have such a policy until it's been configured.
11-24-2022 09:34 PM
I am getting the certificate in PEM format when i download. I will be able to import it to Java control panel only if it is in CSR or .p12 format.
Any suggestions. I am not able to login to the ASDM since a week and now i have to fix it asap. Any help on this is much appreciated.
10-18-2022 12:55 PM
I know this is super old but I didn't find success in creating a new user.
What I ended up doing was changing the http server listening port via CLI; 'http server enable 2002' (for example).
I suspect the issue was/is that Anyconnect is using the same interface via port 443, as was the case with me. As soon as I changed the listening port for ASDM it connected fine.
11-28-2023 06:11 PM
Fantastic post @jpeterson3. This workaround solved a recent ASDM access issue following an upgrade.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide