08-17-2021 10:44 AM - edited 08-17-2021 10:48 AM
2 Cisco ASA 5520 - 1 primary, 1 backup, using a laptop to console in
1st problem:
The 'http server enable' command is in the running-config of this ASA. Also, the command 'ssh 192.168.1.0 255.255.255.0 management' exists in the running-config. I then connect a laptop to the mgmt port. I am using 192.168.1.204 with GW: 192.168.1.1, which is the management IP address. I can ping from the ASA back to the laptop, and from the laptop to the ASA. I have an Ethernet cable going from the laptop to the management port. I then open my browser and go to http://192.168.1.1 and https://192.168.1.1 just for good measure, and neither responds. I then try to use the ASDM launcher itself, previously installed on the laptop, and it says 'cannot connect to device manager'.
08-17-2021 10:58 AM
Hi @rkoloj
You appear to be permitting SSH from the 192.168.1.0 network, but do you have "http 192.168.1.0 255.255.255.0 management" configured also?
Do you have the ASDM image installed on the ASA?
08-17-2021 11:13 AM
Yes, this command is in the running configuration.
08-17-2021 11:06 AM - edited 08-17-2021 11:06 AM
Hi @rkoloj,
Please go through this post.
You'll also need to define a login method like 'aaa authentication http console LOCAL'.
After that, and in case you have up-to-date Java, you'll probably face an issue (since Java 1.8.0_291), in which new Java blocks TLS v1.0 and v1.1, while legacy ASA IOS (such as 5520) can support only v1.0. You'll have to re-enable Java TLS v1.0 in the Java console and also modify the property 'jdk.tls.disabledAlgorithms' in 'C:\Program Files\Java\jre1.8.0_291\lib\security\java.security' so that it doesn't block TLSv1 and/or v1.1.
BR
Milos
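As an added example (not part of the original thread or any poster's code), this Python check scans a saved ASA running-config for the ASDM prerequisites raised in the replies above: the ASDM image, 'http server enable', an 'http' permit line covering the client on the management interface, and 'aaa authentication http console'. The sample config, the image filename, the function name and the result keys are constructed for illustration.

```python
import ipaddress

# Constructed sample running-config excerpt; the image filename is a placeholder.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
asdm image disk0:/asdm-EXAMPLE.bin
http server enable
ssh 192.168.1.0 255.255.255.0 management
"""

def missing_asdm_prereqs(config, client_ip, ifname="management"):
    """Return the ASDM prerequisites (hypothetical keys) absent from config."""
    client = ipaddress.ip_address(client_ip)
    found = set()
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:3] == ["http", "server", "enable"]:
            found.add("http-server")        # HTTPS server used by ASDM is on
        elif tok[0] == "http" and len(tok) == 4 and tok[3] == ifname:
            # "http <network> <mask> <ifname>": which hosts may reach ASDM
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue
            if client.version == net.version and client in net:
                found.add("http-acl")
        elif tok[:4] == ["aaa", "authentication", "http", "console"]:
            found.add("aaa-http")           # login method for HTTP/ASDM sessions
        elif tok[:2] == ["asdm", "image"] and len(tok) >= 3:
            found.add("asdm-image")         # an ASDM image is referenced
    order = ["asdm-image", "http-server", "http-acl", "aaa-http"]
    return [k for k in order if k not in found]

if __name__ == "__main__":
    # The ssh permit line alone does not admit the laptop to ASDM.
    print(missing_asdm_prereqs(SAMPLE_CONFIG, "192.168.1.204"))
```

The check only reads the configuration text; it does not confirm that the referenced image file exists on flash or that the client's Java accepts the TLS version the ASA offers.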