Can't get to GUI on ASA via browser

GuoPatrick02 · ‎12-25-2012

Every time I type in https://192.168.1.1 into my web browser, it keeps giving me a "page cannot be displayed" error and it happens on any browser. I'm running Java 6 update 7. I could get on it before when I used it to download ASDM but for whatever reason not anymore. On the same computer, I can get to my ASA via SSH and even via ASDM, but just not web browser. Here's my show run:

# show run

: Saved

:

ASA Version 8.4(4)1

!

hostname PatG

enable password aDvdtQE/ih5t061i encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

switchport access vlan 2

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Vlan3

no forward interface Vlan1

nameif dmz

security-level 0

ip address 192.168.2.1 255.255.255.0

!

boot system disk0:/asa844-1-k8.bin

ftp mode passive

object network obj_any

subnet 0.0.0.0 0.0.0.0

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-649-103.bin

no asdm history enable

arp timeout 14400

!

object network obj_any

nat (inside,outside) dynamic interface

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server Remote1 protocol radius

aaa-server Remote1 (inside) host 192.168.1.8

key *****

radius-common-pw *****

user-identity default-domain LOCAL

aaa authentication ssh console Remote1

http server enable

http 192.168.1.0 255.255.255.0 inside

http 0.0.0.0 0.0.0.0 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 inside

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

ssh key-exchange group dh-group1-sha1

console timeout 0

dhcpd domain redtube.com

dhcpd auto_config outside

dhcpd option 150 ip 192.168.1.15 192.168.1.5

!

dhcpd address 192.168.1.5-192.168.1.36 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

enable outside

group-policy RemoteHTTP internal

group-policy RemoteHTTP attributes

vpn-tunnel-protocol ssl-clientless

webvpn

url-list value Test

customization value DfltCustomization

username guop password qCMo8xqGuQSEUEJI encrypted

tunnel-group Browser type remote-access

tunnel-group Browser general-attributes

authentication-server-group Remote1

default-group-policy RemoteHTTP

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect http

policy-map map

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

no active

destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

destination address email callhome@cisco.com

destination transport-method http

subscribe-to-alert-group diagnostic

subscribe-to-alert-group environment

subscribe-to-alert-group inventory periodic monthly

subscribe-to-alert-group configuration periodic monthly

subscribe-to-alert-group telemetry periodic daily

password encryption aes

Cryptochecksum:177679fd914b407b6d1670bb4d9ecfa1

: end

Can anyone please help me?

kcnajaf · ‎12-25-2012

Hi Patrick,

Your configuration shows you will be able to access the GUI only from the inside interface and from 192.168.1.x inside network any ip from outside network. Are you trying to access this through inside or outside interface?

http 192.168.1.0 255.255.255.0 inside

http 0.0.0.0 0.0.0.0 outside

Try disabbling the http service and enable it back with below command.

no ip http server

ip http server
http 192.168.1.0 255.255.255.0 inside

Also you could try accessing GUI with http rather than https and check if that works.

http://192.168.1.1

Also you need to specify the ASDM image location with below command.

ASA(config)#asdm image disk0:/file

Regards

Najaf

GuoPatrick02 · ‎12-25-2012

Didn't work, same result, thanks for suggestion though

Marvin Rhoads · ‎12-26-2012

Can you confirm that the VPN-3DES-AES license is installed? "show activation-key | i AES".

Also please confirm that the asdm image is present on disk0: "dir disk0:" should return a listing for asdm-649-103.bin.

andduart · ‎12-26-2012

Hello,

Quick question, did you try the Install ASDM Launcher option? Also, have you been able to see some type of logs on your firewall at a time to connect?

GuoPatrick02 · ‎12-26-2012

Nevermind guys, I found the problem. I had to enable a something in "about:config" on firefox to get it to work. Thanks for all your help and suggestions~

ymyat804 · ‎12-04-2024

Could you let me know which config do you work ? I have facing problem too .

Marvin Rhoads · ‎12-04-2024

@ymyat804 you are replying to a 12 year old thread. Please create a new thread with your details included.