07-10-2024 12:58 PM
Brand new ASA, I had connected via ASDM. No updates to the ASA, though not aware of anything on the client side changing either. ASA is v9.18(2) with ASDM v7.18(1)152. On one desktop I had tried various versions of Java from 1.8 202 to now 1.8 411 and OpenJDK as well. On 2 machines I am able to connect to various ASAs from 5506s to FPR1010s without issue.
Behavior is I get immediately a prompt to retype my username and password. Same username and password that will allow me to connect to the ASA through a web browser (i.e. /gadmin/exec/sh run). On the ASA I get nothing helpful in logs:
%ASA-6-302013: Built inbound TCP connection 213 for outside:192.168.101.20/50533 (192.168.101.20/50533) to identity:192.168.100.106/443 (192.168.100.106/443)
%ASA-6-725001: Starting SSL handshake with client outside:192.168.101.20/50533 to 192.168.100.106/443 for TLS session
%ASA-6-725003: SSL client outside:192.168.101.20/50533 to 192.168.100.106/443 request to resume previous session
%ASA-6-725002: Device completed SSL handshake with client outside:192.168.101.20/50533 to 192.168.100.106/443 for TLSv1.2 session
%ASA-6-113012: AAA user authentication Successful : local database : user = sam
%ASA-6-113009: AAA retrieved default group policy (DfltGrpPolicy) for user = sam
%ASA-6-113008: AAA transaction status ACCEPT : user = sam
%ASA-6-605005: Login permitted from 192.168.101.20/50533 to outside:192.168.100.106/https for user "sam"
%ASA-6-611101: User authentication succeeded: IP address: 192.168.101.20, Uname: sam
On the client end the Java console does not print anything at all. Without any errors either on ASA side or client side I do not know where to look. Hoping someone has had similar issue. Again, I am connecting just fine to other ASA's that have older versions of ASDM, so my thought is something has changed or there is a bug with this version maybe
Solved! Go to Solution.
07-11-2024 04:55 AM - edited 07-11-2024 04:56 AM
Change webvpn port from 443 to other port like 8443 then no need to disable it to make asdm work.
By the way your other post about l2tp over ipsec you try my suggestion?
MHM
07-10-2024 01:08 PM
You run anyconnect in outside interface?
If yes then try add
/admin
In end of url when ypu try access to asa
MHM
07-11-2024 04:09 AM
ASDM only accepts the IP address, no URL format for sub folders accepted. Besides, when I do connect to just the IP address I see in the Java console log:
Trying for ASDM Version file; url = https://192.168.100.106/admin/
So the "admin" is already being added by the ASDM launcher. If I do remove "webvpn" this does work. Odd, because I have webvpn on a few others without this problem. This is the first time in years I have encountered an issue with ASDM like this. The last was on Windows machine where I had to accept the cookie (i.e. open the ASA URL in Internet Explorer before opening in ASDM).
07-11-2024 04:55 AM - edited 07-11-2024 04:56 AM
Change webvpn port from 443 to other port like 8443 then no need to disable it to make asdm work.
By the way your other post about l2tp over ipsec you try my suggestion?
MHM
07-11-2024 09:35 AM
I recently had a similar issue with one customer ASA that was updated after working for many years. I found that clearing my Java cache from within the Java control panel of my client PC got things back in working order.
07-11-2024 09:46 AM
I did have a java cache issue a few years ago, that was easily resolved and figured when I connected from a different PC. This time it did turn out to be 'webvpn' configuration was in place. This has to be something new where it would conflict with ASDM as I would have many from 5505s to 5506s to FPR1010s that had webvpn & ASDM accessible. For this situation there was no need for webvpn, so once that was removed the ASDM immediately worked. It would have been nice had I seen something in the logs to indicate the conflict or error.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide