ASDM not Working for cisco ASA5506-X

qus83
Beginner

Hi,

I'm trying to access ASDM from the internal interface in order to configure a site-to-site VPN, to build my configuration prior to shipping and before the client's network becomes usable.

The problem is that I cannot access ASDM; https://10.10.10.1 is not working,

and I cannot ping this IP from my PC (the IP for my laptop is assigned automatically by DHCP),

and from sh inter ip br the interface is down because I didn't plug in any cable. I don't know if it's related to this issue or not?

Right now I'm accessing the ASA directly, via console cable.



: Hardware:   ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
hostname asa
domain-name net.local
enable password xxxxxx
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name net.local
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object-group network VPN-LOCAL
 network-object 10.10.10.0 255.255.255.0

object-group network VPN-REMOTE
 network-object 172.16.0.0 255.255.255.0

object-group service SERVICES-OUTBOUND
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ftp
 service-object tcp destination eq ftp-data
 service-object tcp destination eq 8080
 service-object tcp destination eq 8443
 service-object icmp echo
 service-object icmp source-quench
 service-object icmp time-exceeded
 service-object icmp traceroute
 service-object icmp unreachable
 service-object udp destination eq domain
access-list inside-in extended permit object-group SERVICES-OUTBOUND 10.10.10.0 255.255.255.0 any
access-list global_access extended permit tcp any any eq www
access-list global_access extended permit tcp any any eq https
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj_any
 nat (any,outside) dynamic interface
access-group inside-in in interface inside
access-group global_access global
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
!
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication login-history
!
http server enable
http 172.16.1.0 255.255.255.0 inside
http 172.16.0.0 255.255.255.0 inside
http 15.25.25.18 255.255.255.255 outside
http 10.10.10.0 255.255.255.0 inside
http 187.124.139.12 255.255.255.255 outside
http 185.91.12.10 255.255.255.255 outside
http 15.07.26.4 255.255.255.255 outside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
!
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
!
ssh stricthostkeycheck
ssh 187.124.139.12 255.255.255.255 outside
ssh 185.91.12.10 255.255.255.255 outside
ssh 15.07.26.4 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
!

dhcpd address 10.10.10.100-10.10.10.150 inside
dhcpd dns 172.16.0.3 172.16.0.3 interface inside
dhcpd lease 28800 interface inside
dhcpd domain net.local interface inside
dhcpd enable inside


!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c5b9b1377df9367b2e3bb1a52a6eca80

3 Replies

Karsten Iwen
VIP Mentor

If you don't connect your PC to the ASA, there is no connectivity to the ASA ... Yes that's related to your problem.

Connect your PC to Gig1/2 of the ASA and try again.

Hi,

Thanks for your reply.

If I want to access ASDM from the outside interface after the ASA connects to the client's network and gets the DHCP public IP address from the ISP, please check the configuration in case I missed something?

The ASA is configured with DHCP-client on the outside interface and allows ASDM from some specific IPs. That should work.
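
Added example, not part of the original thread and not Cisco tooling: a small Python check that reads the management lines of a running-config and reports whether a given client address is permitted to reach ASDM on a given interface. The function names are hypothetical, the config text is an excerpt of the one posted above, and the check covers configuration only, not link state or routing.

```python
import re

# Excerpt of the running-config posted in this thread (management lines only).
CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
interface GigabitEthernet1/2
 nameif inside
asdm image disk0:/asdm-782.bin
http server enable
http 172.16.0.0 255.255.255.0 inside
http 15.25.25.18 255.255.255.255 outside
http 10.10.10.0 255.255.255.0 inside
http 187.124.139.12 255.255.255.255 outside
"""

def ip_int(dotted):
    """Convert a dotted quad to an integer (tolerates octets such as '07')."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def parse(config):
    """Collect nameifs, ASDM prerequisites and 'http <net> <mask> <nameif>' rules."""
    state = {"server": False, "image": False, "nameifs": set(), "rules": []}
    for line in config.splitlines():
        line = line.strip()
        if line == "http server enable":
            state["server"] = True
        elif line.startswith("asdm image "):
            state["image"] = True
        elif m := re.fullmatch(r"nameif (\S+)", line):  # skips 'no nameif'
            state["nameifs"].add(m.group(1))
        elif m := re.fullmatch(r"http (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)", line):
            state["rules"].append((ip_int(m.group(1)), ip_int(m.group(2)), m.group(3)))
    return state

def asdm_allowed(state, src, nameif):
    """Return (allowed, reason) for an ASDM client 'src' arriving on 'nameif'."""
    if not (state["server"] and state["image"]):
        return False, "http server or asdm image missing"
    if nameif not in state["nameifs"]:
        return False, "no interface named " + nameif
    s = ip_int(src)
    for net, mask, ifc in state["rules"]:
        if ifc == nameif and (s & mask) == (net & mask):
            return True, "matched http rule"
    return False, "source not in any http rule for " + nameif
```

A laptop that received 10.10.10.100 from the ASA's DHCP pool passes this check on `inside`, which is consistent with the first reply: the configuration permits it, and the missing cable is what stops the connection.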
