Solved: Re: ASDM stop working after upgrading ASA.

loc.nguyen · ‎05-17-2022

Hi,

Hi

I have ASA Model : ASA 5525-X

I just upgraded to a new ASA version: asa9-12-4-39-smp-k8.bin

ASDM stop working, so I upgrade ASDM to asdm image disk0:/asdm-7131-101.bin as the compatibility request.

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

I got the issue that can not authenticate.

I tried to set up ASDM o other laptop but it did not help.

Could you advise what I should do ?

Thanks

Loc

Marvin Rhoads · ‎05-18-2022

I came across the same thing just recently.Everything was setup correctly, had been working for years etc. etc.

We found a reddit thread whereby someone found that changing to "no aaa authentication http console LOCAL" fixes it. Counter-intuitive but it worked for us.

I believe it's a bug but didn't take the time to open a TAC case on it to confirm.

https://www.reddit.com/r/Cisco/comments/u941ye/asdm_not_working_after_asaasdm_upgrade/i77t9of/

View solution in original post

MHM Cisco World · ‎05-17-2022

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

loc.nguyen · ‎05-17-2022

I already checked. It did not work even though the version is correct. Below is mine.

SinghRaminder · ‎05-17-2022

can you provide the output of below command from the CLI of the ASA

show asdm image

Thanks
Raminder
PS: If this answered your question, please don't forget to rate and select as validated answer

loc.nguyen · ‎05-17-2022

asa5520-fw/pri/act# show asdm image
Device Manager image file, disk0:/asdm-7131-101.bin

Sheraz.Salim · ‎05-17-2022

you need to upload the file "asdm-openjre-7131-101.bin" I have tested mine with same image and with asdm-openjre-7131-101.bin. my unit is 5506-X and it worked fine.

please do not forget to rate.

loc.nguyen · ‎05-17-2022

asa5520-fw/pri/act# show version

Cisco Adaptive Security Appliance Software Version 9.12(4)39
SSP Operating System Version 2.6(1.251)
Device Manager Version 7.13(1)

Compiled on Wed 02-Mar-22 14:16 GMT by builders
System image file is "disk0:/asa9-12-4-39-smp-k8.bin"
Config file at boot was "startup-config"

MHM Cisco World · ‎05-17-2022

point to check

ciscoasa# show flash <- do you see the ASDM image ?

ciscoasa# verify flash:/asdm-xxxx.bin <- check if the image is OK

ciscoasa# show adsm image <-check what image run now

If all above OK, change the PC the OLD ASDM file is save in director and java and may cause issue of connection.

Marvin Rhoads · ‎05-18-2022

I came across the same thing just recently.Everything was setup correctly, had been working for years etc. etc.

We found a reddit thread whereby someone found that changing to "no aaa authentication http console LOCAL" fixes it. Counter-intuitive but it worked for us.

I believe it's a bug but didn't take the time to open a TAC case on it to confirm.

https://www.reddit.com/r/Cisco/comments/u941ye/asdm_not_working_after_asaasdm_upgrade/i77t9of/

loc.nguyen · ‎05-18-2022

Yeah, it worked for me. I used that for about 10 ASA I had issue with, all worked. You made my day

Thank you very much.

Loc

dchristenson · ‎11-03-2022

In case someone else has this issue, since none of the above worked for me.
ASDM worked fine on all 6 of my ASAs for years.
After I upgraded from 7.12(1) to 7.18(1.152), it stopped working on my VPN pair only. The other 2 pairs were fine.
After digging I found this on that pair:
webvpn
enable INSIDE tls-only
enable OUTSIDE tls-only

We don't allow it internally anyways, so I disabled it and ASDM is now working:

# conf t
(config)# webvpn
(config-webvpn)# no enable INSIDE tls-only
WARNING: Disabling webvpn removes proxy-bypass settings.
Do not overwrite the configuration file if you want to keep existing proxy-bypass commands.
INFO: WebVPN and DTLS are disabled on 'INSIDE'.

Hope this helps someone else.