ASDM unable to reach device

TechnicalEE
Level 1

Hello All,

 

I have 13 ASAs and the ASDM is able to reach all of them except one.

 

I have gone through all the troubleshooting and all the forum answers on here and it still isn't reachable.

 

Can someone recommend anything?

 

Thanks in advance,

 

E

Accepted Solutions

Is 192.168.30.0/24 coming in over a VPN connection on the outside interface?  If yes, do you have the command management-access <interface> where interface is the interface name of the interface you are trying to connect to?

You do not have the 192.168.30.0/24 subnet defined in your http list:

ASA# sho run http
http server enable
http 192.168.1.0 255.255.255.0 outside-backup
http 192.168.2.0 255.255.255.0 outside

 

If you are accessing the interface with IP 192.168.20.1 then you would need to add the command http 192.168.30.0 255.255.255.0 <interface name> where interface name is the name of the interface you are trying to connect to as well as management-access command I mentioned earlier.

 

--
Please remember to select a correct answer and rate helpful posts
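The check described in the accepted solution, as an added example that is not part of the original post: it parses `show run http` output and reports whether a given client address is allowed to reach HTTPS/ASDM on a given interface. The client address 192.168.30.10 and the choice of `outside` as the target interface are assumptions for illustration; the config text is the output posted in this thread.

```python
import ipaddress
import re

# The "show run http" output posted in this thread, embedded as sample input.
SAMPLE_HTTP_CONFIG = """\
http server enable
http 192.168.1.0 255.255.255.0 outside-backup
http 192.168.2.0 255.255.255.0 outside
"""

# Matches IPv4 rules of the form: http <network> <netmask> <interface>
HTTP_RULE = re.compile(r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")


def parse_http_config(text):
    """Return (server_enabled, [(network, interface), ...]) from 'show run http' text."""
    enabled = False
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("http server enable"):
            enabled = True
            continue
        m = HTTP_RULE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            rules.append((net, m.group(3)))
    return enabled, rules


def check_asdm_source(text, client_ip, interface):
    """Return (allowed, reason) for client_ip opening HTTPS/ASDM to the named interface."""
    enabled, rules = parse_http_config(text)
    if not enabled:
        return (False, "http server is not enabled")
    ip = ipaddress.ip_address(client_ip)
    matching = [(n, i) for n, i in rules if ip in n]
    if any(i == interface for _, i in matching):
        return (True, f"{client_ip} is permitted on {interface}")
    if matching:
        others = ", ".join(sorted({i for _, i in matching}))
        return (False, f"{client_ip} is permitted only on: {others}")
    return (False, f"no http rule covers {client_ip}; add its subnet for {interface}")


if __name__ == "__main__":
    # 192.168.30.10 is a constructed host inside the 192.168.30.0/24 subnet from the thread.
    print(check_asdm_source(SAMPLE_HTTP_CONFIG, "192.168.30.10", "outside"))
```
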

17 Replies

balaji.bandi
Hall of Fame

What is the configuration on that ASA? Just compare the config, or post the configuration which was not working so we can have a look.

What is the error you are getting while connecting using ASDM? What is the ASA version / model of the device?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi @balaji.bandi here is the info.

 

Cisco Adaptive Security Appliance Software Version 9.6(3)1
Device Manager Version 7.7(1)150

ASA is a 5506

 

The error I am getting is "ASDM unable to launch device manager from x.x.x.x"

x.x.x.x is the IP address removed for Security

 

Here is the Java Log:

java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
at sun.security.ssl.BaseSSLSocketImpl.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.cisco.launcher.y.a(Unknown Source)
at com.cisco.launcher.y.if(Unknown Source)
at com.cisco.launcher.r.a(Unknown Source)
at com.cisco.launcher.s.do(Unknown Source)
at com.cisco.launcher.s.null(Unknown Source)
at com.cisco.launcher.s.new(Unknown Source)
at com.cisco.launcher.s.access$000(Unknown Source)
at com.cisco.launcher.s$2.a(Unknown Source)
at com.cisco.launcher.g$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Trying for IDM. url=https://x.x.x.x/idm/idm.jnlp/
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
at sun.security.ssl.BaseSSLSocketImpl.connect(Unknown Source)
at sun.net.NetworkClient.doConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.cisco.launcher.w.a(Unknown Source)
at com.cisco.launcher.s.for(Unknown Source)
at com.cisco.launcher.s.new(Unknown Source)
at com.cisco.launcher.s.access$000(Unknown Source)
at com.cisco.launcher.s$2.a(Unknown Source)
at com.cisco.launcher.g$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

 

Thank you,

E

Are all the ASAs on the same version, the working ones and the one not working?

What is the Java version you have installed?

When you type https://asaipaddress in a browser, what is the outcome?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This ASA is an older version. I was trying to upgrade it but can't reach ASDM and can't TFTP the image into it.

"The site can't be reached" is what I get.

 

Using JRE version 1.8.0_221 Java HotSpot(TM) Client VM

 

Thanks for your help,

 

E

Issue the command show ssl cipher on an ASA that is working and then compare that with the SSL ciphers on the ASA that is not working (if it is an ASA version older than 9.3, use the command show ssl encryption). If they are a little different, add the missing ciphers to the ASA that ASDM doesn't work on.

--
Please remember to select a correct answer and rate helpful posts

Hi @Marius Gunnerud, thanks for the advice.  I compared it to a working one and it was missing a cipher.  I did add it and it still isn't connecting.  Still showing the same error.

 

Thank you,


E

Which browser are you using? Have you tried a different browser?

Are you able to SSH to the device? If yes, can you issue the commands sh run asdm, show run http, dir, show run aaa?

Also, are you able to reach the ASA via https in a browser? https://192.168.1.1/admin (if you are running AnyConnect VPN you need the /admin to reach the ASDM installation screen). Try uninstalling ASDM from your machine and installing the ASDM client from the ASA that is not working (or better yet, if you have a spare PC you can install ASDM on, use that one).

--
Please remember to select a correct answer and rate helpful posts

Hi @Marius Gunnerud 

 

Here is the info.

 

ASA# sh run asdm
asdm image disk0:/asdm-771-150.bin
no asdm history enable
ASA# sho run http
http server enable
http 192.168.1.0 255.255.255.0 outside-backup
http 192.168.2.0 255.255.255.0 outside
ASA# dir

Directory of disk0:/

104 -rwx 86456832 19:18:58 Feb 10 2017 asa961-lfbff-k8.SPA
105 -rwx 25819140 19:19:28 Feb 10 2017 asdm-761.bin
106 -rwx 62 14:29:24 Oct 11 2019 .boot_string
11 drwx 4096 19:22:30 Feb 10 2017 log
23 drwx 4096 19:23:22 Feb 10 2017 crypto_archive
107 -rwx 4096 18:00:00 Dec 31 1979 FSCK0000.REC
108 -rwx 4096 18:00:00 Dec 31 1979 FSCK0001.REC
24 drwx 4096 19:26:44 Feb 10 2017 coredumpinfo
109 -rwx 84541616 06:45:18 Apr 09 2017 asa963-1-lfbff-k8.SPA
110 -rwx 41846784 06:45:32 Apr 09 2017 asasfr-5500x-boot-6.2.0-2.img
111 -rwx 26729944 06:46:02 Apr 09 2017 asdm-771-150.bin

7365472256 bytes total (3876720640 bytes free)

#ASA# sho run aaa
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL

I am not able to reach it with a browser from my machine or from a local machine at that office.

I have uninstalled and installed the ASDM already.

I am now at this point where I can't figure out what it could be.

 

Thanks again,

 

E

Are you able to do a reboot of the ASA? It is possible there is some process which is hanging.

--
Please remember to select a correct answer and rate helpful posts

@Marius Gunnerud I can reboot it later after hours and see if that fixes anything.

 

I will update soon.

 

Thank you for your help thus far,

 

E

Hi @Marius Gunnerud, I rebooted the ASA and I still can't get the ASDM to open for that ASA.

 

Any help is appreciated.

 

Thank you,


Elvir

Do you by chance have a NAT statement for port tcp/443 on the affected ASA?

--
Please remember to select a correct answer and rate helpful posts

@Marius Gunnerud there is not a NAT statement for TCP/443.

 

 

Could you provide us with the output of show route interface outside and show route interface outside-backup as well as show int ip brief? Remember to remove any public IPs.

Also, which IP / subnet are you trying to reach the ASA from?

--
Please remember to select a correct answer and rate helpful posts