03-04-2010 08:35 AM - edited 03-11-2019 10:17 AM
Hi
i have two systems with multiple context( admin, context1, context2)
is it possible to use asdm in multiple context? I can reach asdm using the ip address of the admin context, but not with the ip addres of context1 or context2. nevertheless I can connect in ssh & telnet. I regenareted the key pair with not change.
i have the following message:
Unable to launch device manager from
Any ideas?
thanks
03-04-2010 08:50 AM
Hi,
is it possible to use asdm in multiple context? -- yes. it is possible
You need to configure https 0.0.0.0 0.0.0.0
regards
karuppu
03-04-2010 09:06 AM
Thanks but I allready have this type of line. It does not help
Thanks again.
03-04-2010 09:09 AM
Hi,
Can you paste the output of the below command
sh run | i http (in all the context)
reagrds
karuppu
03-04-2010 09:35 AM
output of command show run | include http
context1
aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin
context admin
http server enable
http 0.0.0.0 0.0.0.0 management
Thanks
03-04-2010 09:50 AM
Hi,
As per your output,the configuration is ok.The interface name (admin) which you have mentioned in http command,it should be reachable from your client.
Check the reachabilty from your desktop to the admin interface ip address.
regards
karuppu
03-04-2010 09:57 AM
thanks
I am writing you behind this interface & the ping works.
Thanks
03-05-2010 01:10 AM
Hi all
Sorry If I write again about this but probleme is that I can not find the solution of this problème
I will start from the begining.
two pix in single mode they were working perfectly acces to asdm worked well. Acces was possible to each pix from a management interface & from an admin interface(vlan) inside those pixs
We deciced to use active/active/failover
we converted one pix to multiple context, we configured failover for thisone as being active 'failover unit primary'
then we converted the second one to multiple context and configure failover on it as being secondary 'failover unit secondary'
Replication works well.
We have one management interface on each pix. After conversion to multiple context the management interface was automatically placed in admin context. The admin interface is in context1 wich is the desired beheavor.
I can acces the contexts (admin; context1, context2 in ssh & telnet). but the only context accessible in asdm is the admin context.
- I noticed that in system context i can do show flash: , wish is not the case for the others contexts.
- I noticed that in system context I can execute the command asdm image, wish is not the case for the others contexts. of course in contexts other thah system i can not see the flash content.
Any idea please we are in a hurry.
Thanks
03-05-2010 01:27 AM
Hi,
can you try to configure the resource allocation in your system context(admin context).
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
can you paste the output of the below command
hostname# show resource usage system counter all 0
regards
karuppu
03-05-2010 02:16 AM
Hi
thanks for your answer
in order to be able to execue your commansd I have to do
changeto system
and there is
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
being there i did:
show resource usage system counter all 0
that's the output.
Resource Current Peak Limit Denied Context
Telnet 0 1 100 0 System
SSH 1 2 100 0 System
ASDM 1 5 32 0 System
Syslogs [rate] 1 668 N/A 0 System
Conns 16082 42031 1000000 0 System
Xlates 69 132 N/A 0 System
Hosts 2626 4672 N/A 0 System
Conns [rate] 168 1285 N/A 0 System
Inspects [rate] 3 37 N/A 0 System
Thanks again
03-05-2010 05:57 AM
The contexts that fail to launch ASDM what do the logs show?
You have http enabled right? and the IP address from which you are trying asdm in the http line.
http server enable
http x.x.x.x 255.255.255.255 inside
where inside is the name of the interface and x.x.x.x is the ip address of the client.
Check and see what the logs show.
-KS
03-05-2010 07:33 AM
Hi Thanks.
- the output of command show run | include http in context1
aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin
where the interface admin is a vlan
- the output of command in context admin
http server enable
http 0.0.0.0 0.0.0.0 management
where management is a dedicated interface "ethernet0"
I am actually writing from a work station that has as gateway the interface admin i can do ping , i can telnet & ssh to it but not asdm i get Unable to launch device manager from ....
Thanks
03-05-2010 07:43 AM
WHAT DO THE LOGS SAY WHEN IT FAILS?
conf t
logging buffered 7
sh logg | i x.x.x.x where x.x.x.x is the client that you are using to asdm from.
If you can telnet and ssh to the same IP address then, configuration is not a problem.
- the output of command show run | include http in context1
aaa authentication http console LOCAL
aaa authentication secure-http-client ----------> you can remove this and make it simple and try.
http server enable
http 0.0.0.0 0.0.0.0 admin
collect captures and see what may be going on.
-KS
03-05-2010 08:24 AM
Hi
there is nothing in logs
if I do https to the context1 admin interface i get " the connection have being reinitialized during page loading"
if i do https to the management interface of the admin context it proppose me to download asdm launcher.
thanks
03-05-2010 08:50 AM
When you asdm in from this client PC could you pls. wireshark your requests? Doesn't look like these are reaching the context interface at all.
You can collect captures on the context as well.
This is getting a little involved. May be a good idea to open a TAC case so, they can collect debugs and captures and analyze them.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide