Solved: Re: Can't Connect ASDM to ASA 5525x

Arsen Gharibyan · ‎05-01-2013

Hi everyone, i need some help connecting ASDM to ASA 5525x management port

its a brand new ASA i just updated ios and ASDM

port configuration is folowig

Managemnt por 0/0 ip 192.168.1.1

secure-level 100

http server enable

http 192.168.1.10 255.255.255.255 inside

port is up

when im launching Internet explorer it just said cant connect

Chrome shows connection with 192.168.1.1 is was interupted

but i can ping asa and backward .

any ideas ?

show asdm disk0

Julio Carvajal · ‎05-02-2013

Hello,

That is why I asked the following on my First post

Hello,

The interface where you are trying to connect is managment not inside

Do the following:

http 192.168.1.10 255.255.255.255 managment

Then let us know,

Also share show ssl

Glad to know that is working now

I would leave it like this:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Rate all of the helpful posts and mark the question as answered

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎05-01-2013

Hello,

The interface where you are trying to connect is managment not inside

Do the following:

http 192.168.1.10 255.255.255.255 managment

Then let us know,

Also share show ssl

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Arsen Gharibyan · ‎05-01-2013

I tried management also , didnt work. do i need to uninstall ASDM from my local machine ?

what aboout flash and disk 0 is the same thing right ?

walterfernandezgonzalez1 · ‎04-24-2015

I HAVE THE SAME problem with exactly the same settings on my ASA 5525 -X. I have done the security mentioned in this forum, but I can not

Ajay Saini · ‎05-01-2013

Please get the following outputs:

sh ver

show flash

show run asdm

show run http

show run all ssl

if you can collect syslogs, please share.

FYI, disk0 and flash are same

-

AJ

Arsen Gharibyan · ‎05-01-2013

ok give me about 30 min

cadet alain · ‎05-01-2013

Hi,

did you use https:// 192.168.1.1 ?

Regards

Alain

Don't forget to rate helpful posts.

Arsen Gharibyan · ‎05-01-2013

Yes i am using https, i will try to enable logging ant level 7 to see what is actually happening durning the connection

Julio Carvajal · ‎05-01-2013

Hello Arsen

Share your configuration please,

And the show flash

That would be the only way to make this happens,

You have not provided the ouputs requested, without that I will not help you as I am blind here

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Arsen Gharibyan · ‎05-01-2013

Sorry about that i need extra 15 minutes ,acctually ia have a second 5525x and im having absolutelly same problem on the second one.

Arsen Gharibyan · ‎05-01-2013

System image file is "disk0:/asa902-smp-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 17 hours 20 mins

Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Device Manager image file, disk0:/asdm-712-102.bin

http server enable

http 192.168.1.10 255.255.255.255 inside

ssl server-version any

ssl client-version any

ssl encryption des-sha1

http server enable
http 192.168.1.10 255.255.255.255 inside

ssl server-version any
ssl client-version any
ssl encryption des-sha1

sorry for delay

BTW there is no nameif manegemen only inside

Arsen Gharibyan · ‎05-01-2013

Ok i know why its not working , but i dont know how to fix it . Any ideas ?

%ASA-7-725011: Cipher[1] : AES128-SHA

%ASA-7-725011: Cipher[2] : AES256-SHA

%ASA-7-725011: Cipher[3] : RC4-SHA

%ASA-7-725011: Cipher[4] : DES-CBC3-SHA

%ASA-7-725011: Cipher[5] : DHE-DSS-AES128-SHA

%ASA-7-725011: Cipher[6] : DHE-DSS-AES256-SHA

%ASA-7-725011: Cipher[7] : EDH-DSS-DES-CBC3-SHA

%ASA-7-725011: Cipher[8] : RC4-MD5

%ASA-7-725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher

%ASA-6-302014: Teardown TCP connection 82 for inside:192.168.1.10/55056 to ident ity:192.168.1.1/443 duration 0:00:00 bytes 7 TCP Reset by appliance

%ASA-7-609002: Teardown local-host inside:192.168.1.10 duration 0:00:00

%ASA-7-609002: Teardown local-host identity:192.168.1.1 duration 0:00:00

Arsen Gharibyan · ‎05-01-2013

Fixed

solution

ssl encryption rc4-sha1

)

Julio Carvajal · ‎05-02-2013

Hello,

That is why I asked the following on my First post

Hello,

The interface where you are trying to connect is managment not inside

Do the following:

http 192.168.1.10 255.255.255.255 managment

Then let us know,

Also share show ssl

Glad to know that is working now

I would leave it like this:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Rate all of the helpful posts and mark the question as answered

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

walterfernandezgonzalez1 · ‎04-24-2015

Can't Connect ASDM to ASA 5525x

I HAVE THE SAME problem with exactly the same settings on my ASA 5525 -X. I have done the security mentioned in this forum, but I can not