
ASDM not accessible with ASA5510

Anvar Mohammed
Level 1

Hi,

I have an ASA 5510 with firmware version 8.4.2 and ASDM firmware 6.4.5. It is a new system and there is no configuration other than the inside network, HTTP server enable, and allowing my IP address to access the HTTP server.

I am able to ping the firewall but have no access through ASDM. Can anybody please help me sort out the problem?

Please find below the show version output and the attached running configuration.

thanks,

Anvar

Cisco Adaptive Security Appliance Software Version 8.2(1)

Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders

System image file is "disk0:/asa821-k8.bin"

Config file at boot was "startup-config"

ASA up 5 mins 16 secs

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04

0: Ext: Ethernet0/0         : address is c47d.4f98.d16c, irq 9

1: Ext: Ethernet0/1         : address is c47d.4f98.d16d, irq 9

2: Ext: Ethernet0/2         : address is c47d.4f98.d16e, irq 9

3: Ext: Ethernet0/3         : address is c47d.4f98.d16f, irq 9

4: Ext: Management0/0       : address is c47d.4f98.d170, irq 11

5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces  : Unlimited

Maximum VLANs                : 50       

Inside Hosts                 : Unlimited

Failover                     : Disabled

VPN-DES                      : Enabled  

VPN-3DES-AES                 : Disabled 

Security Contexts            : 0        

GTP/GPRS                     : Disabled 

SSL VPN Peers                : 2        

Total VPN Peers              : 250      

Shared License               : Disabled

AnyConnect for Mobile        : Disabled 

AnyConnect for Linksys phone : Disabled 

AnyConnect Essentials        : Disabled 

Advanced Endpoint Assessment : Disabled 

UC Phone Proxy Sessions      : 2        

Total UC Proxy Sessions      : 2        

Botnet Traffic Filter        : Disabled 

This platform has a Base license.

Serial Number: JMX1417L41M

Running Activation Key: 0x4810dc57 0x14b43bad 0x908101a8 0x98bccc6c 0xc9153395

Configuration register is 0x1

Configuration has not been modified since last system restart.

ASA#  %ASA-7-111009: User 'enable_15' executed cmd: show version


Julio Carvajal
VIP Alumni

Hello Anvar,

1- So you are trying to connect to the ASDM via the PC 172.16.0.1, right? Because that is the only one allowed to do so in your configuration.

2- You said you are running 8.4.2 and ASDM firmware 6.4.5, but your show version shows that you are running 8.2(1) and 6.2(1) as the ASDM image. Please check that and provide the right information.

3- Please provide the show run asdm output.

4- Do a debug HTTP and try to connect to the ASDM, provide the output you get.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi Julio,

I corrected the image-related issues. Please find the answers below:

No output with debug http.

Can this VPN-3DES-AES : Disabled perpetual cause problems with ASDM?

1) sh ver

CISCOASA(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.4(2)

Device Manager Version 6.4(5)206

Compiled on Wed 15-Jun-11 18:17 by builders

System image file is "disk0:/asa842-k8.bin"

Config file at boot was "startup-config"

CISCOASA up 1 hour 44 mins

Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

                             Boot microcode        : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06

                             Number of accelerators: 1

0: Ext: Ethernet0/0         : address is c47d.4f98.d16c, irq 9

1: Ext: Ethernet0/1         : address is c47d.4f98.d16d, irq 9

2: Ext: Ethernet0/2         : address is c47d.4f98.d16e, irq 9

3: Ext: Ethernet0/3         : address is c47d.4f98.d16f, irq 9

4: Ext: Management0/0       : address is c47d.4f98.d170, irq 11

5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11

6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:

Maximum Physical Interfaces       : Unlimited      perpetual

Maximum VLANs                     : 50             perpetual

Inside Hosts                      : Unlimited      perpetual

Failover                          : Disabled       perpetual

VPN-DES                           : Enabled        perpetual

VPN-3DES-AES                      : Disabled       perpetual

Security Contexts                 : 0              perpetual

GTP/GPRS                          : Disabled       perpetual

AnyConnect Premium Peers          : 2              perpetual

AnyConnect Essentials             : Disabled       perpetual

Other VPN Peers                   : 250            perpetual

Total VPN Peers                   : 250            perpetual

Shared License                    : Disabled       perpetual

AnyConnect for Mobile             : Disabled       perpetual

AnyConnect for Cisco VPN Phone    : Disabled       perpetual

Advanced Endpoint Assessment      : Disabled       perpetual

UC Phone Proxy Sessions           : 2              perpetual

Total UC Proxy Sessions           : 2              perpetual

Botnet Traffic Filter             : Disabled       perpetual

Intercompany Media Engine         : Disabled       perpetual

This platform has a Base license.

Serial Number: JMX1417L41M

Running Permanent Activation Key: 0x4810dc57 0x14b43bad 0x908101a8 0x98bccc6c 0xc9153395

Configuration register is 0x1

Configuration last modified by enable_15 at 07:48:26.919 UTC Wed Dec 28 2011

CISCOASA(config)# 

2)  -------------------------------------------------

CISCOASA(config)# sh run

: Saved

:

ASA Version 8.4(2)

!

hostname CISCOASA

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

no ip address

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 172.16.0.254 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

shutdown

no nameif

no security-level

no ip address

management-only

!

boot system disk0:/asa842-k8.bin

ftp mode passive

pager lines 24

logging enable

mtu outside 1500

mtu inside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-645-206.bin

no asdm history enable

arp timeout 14400

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 0.0.0.0 0.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

class-map inspection_default

match default-inspection-traffic

!

!            

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

call-home reporting anonymous prompt 2

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:60848d3b50cb81f67a56162f40b54074

: end

3)------------------------------------------------------------------------------------

CISCOASA(config)# debug http 1

debug http enabled at level 1.

CISCOASA(config)#

CISCOASA(config)#

CISCOASA(config)#

CISCOASA(config)# sh run asdm

asdm image disk0:/asdm-645-206.bin

no asdm history enable

CISCOASA(config)# ping 172.16.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

CISCOASA(config)#

thanks,

Anvar

Hello Anvar,

You do need that license; it is a free license that you can get here:

https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet

After you get the license installed on your ASA, can you add the following command and give it a try?

     -ssl encryption aes256-sha1 aes128-sha1 3des-sha1

Regards,

Do rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Dear Julio,

Yes, it is fixed now. I did not get the license from the above link, but I got a demo license from Cisco to enable VPN-3DES-AES

and I used the command as you said, so it worked.

Again, many thanks for your kind support.

thanks,

Anvar

Hello Anvar,

My pleasure! Hope you have a happy new year.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hello Juvial,

Yes, my ASDM worked after adding the -ssl encryption aes256-sha1 aes128-sha1 3des-sha1.

Thank You,

Azeem 
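The checks this thread walks through (HTTP server enabled, client address permitted, ASDM image set, VPN-3DES-AES license, `ssl encryption` ciphers) can be run against saved `show version` and `show run` text. The following is an added example, not code from any poster in the thread; the function name `asdm_preflight` is hypothetical and the sample input is constructed from lines posted above.

```python
import ipaddress
import re

# Constructed sample input: lines excerpted from the output posted in this thread.
SAMPLE_VERSION = """\
Cisco Adaptive Security Appliance Software Version 8.4(2)
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Disabled       perpetual
"""
SAMPLE_RUN = """\
asdm image disk0:/asdm-645-206.bin
http server enable
http 0.0.0.0 0.0.0.0 inside
"""

def asdm_preflight(show_version, show_run, client_ip):
    """Return a list of reasons ASDM access is likely to fail (empty = none found)."""
    problems = []
    run = [line.strip() for line in show_run.splitlines() if line.strip()]
    if "http server enable" not in run:
        problems.append("http server is not enabled")
    # 'http <network> <mask> <interface>' statements list who may reach ASDM.
    client = ipaddress.ip_address(client_ip)
    allowed = []
    for line in run:
        m = re.fullmatch(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) \S+", line)
        if m:
            allowed.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    if not any(client in net for net in allowed):
        problems.append(f"{client_ip} is not permitted by any http statement")
    if not any(line.startswith("asdm image ") for line in run):
        problems.append("no asdm image configured")
    # License row in 'show version', e.g. 'VPN-3DES-AES : Disabled perpetual'.
    lic = re.search(r"^\s*VPN-3DES-AES\s*:\s*(\w+)", show_version, re.M)
    if not lic or lic[1] != "Enabled":
        problems.append("VPN-3DES-AES license is not enabled")
    # Assumption taken from the thread's fix: a missing 'ssl encryption' line, or
    # one without any AES/3DES cipher, is reported as a finding.
    ciphers = next((l.split()[2:] for l in run if l.startswith("ssl encryption ")), [])
    if not {"aes256-sha1", "aes128-sha1", "3des-sha1"} & set(ciphers):
        problems.append("ssl encryption lists no AES/3DES cipher")
    return problems

if __name__ == "__main__":
    for reason in asdm_preflight(SAMPLE_VERSION, SAMPLE_RUN, "172.16.0.1"):
        print("FAIL:", reason)
```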
