cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3641
Views
0
Helpful
7
Replies

ASDM troubles with Java 7 update 51

William Coats
Level 1
Level 1

I am having a problem connecting to my ASA's since the java 7 update 51 was installed. I downgraded my java to update 45 so I could update all of my ASA's to 7.1.5.100. Now that I have had to go back to update 51, I can't get into most of my devices. The one ASA I can get into most of the time is the device we use for our VPN connections. This device has a certificate issued by an outside CA. None of our other devices have an identity certificate, not even a self signed certificate.

I can get to the devices if I first go to the device with the certificate and then go to another devices, but this is a major pain.

I also was wondering if there will be an update to the ASDM-IDM Launcher that will allow it to start working again.

7 Replies 7

lbresearch
Level 1
Level 1

I had this issue with the new update as well.  I can tell you what worked for me.  Go to your windows control panel > Java applet > security tab > edit site list > and add the IP address with http or https prefix and port.

Apparently the new Java update is raising the bar on security and you have to explicitly allow certain problem sites.

I have placed all of my ASA addresses in the security tab. I still have the problem of not being able to get into my devices. It takes me 5 - 10 minutes of trying before I can get into the devices. This would be much better if Cisco would just update the ASDM-IDM Launcher to work with the new versions of Java.

What is the exactly line you're putting in?

 

For my ASDM device I used https://111.111.111.111:443

 

If you're not using https and are using regular http:// then of course you would use port 80 instead of 443.

lbresearch
Level 1
Level 1

What is the exactly line you're putting in?

 

For my ASDM device I used https://111.111.111.111:443

 

If you're not using https and are using regular http:// then of course you would use port 80 instead of 443.

 

 

I had them entered as https://111.111.111.111, so I added the port to each line. It didn't make any difference. 

joseoroz
Cisco Employee
Cisco Employee

Hello WilliamCoats1,

 

This is the bug that documents that problem. The problem is no the java side and is related to the mentioned update. 

 

Here you can see a couple of workarounds but the best and the one that has worked for me is downgrading the java to update to 6u45.

 

https://tools.cisco.com/bugsearch/bug/CSCum46193/?reffering_site=dumpcr

Hope you find this information helpful.

    ~~~    __o

   ~~~    _<,_
  ~~~   (_)/ (_) 

 

As you can see in my first post, going back to Java 7u45 is not an option. The computer requires us to stay current on security patches. If you had read my post you would know that I had send that bug report and thats how I knew to go back to update 45 so I could get 7.1.5.100 installed.

 

My problem is that when I try to log into the ASA's it takes 5 minutes or more before I can get logged in. I have all of these icons on my desktop I can double click to start the connection process and most of the time they fail 10 times before I can get one to make a connection. Once one of them makes a connection,then I can just move to the firewall I really need to be working on. 

 

I have updated all of the firewalls to 7.2.1 know and the ASDM-IDM launcher, which was updated to a version by 7.2.1, still does not work. The launcher getting fixed would be the best solution. Or Cisco could just drop Java and be done with this nonsense once and for all. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: