Can't GUI into Cisco ASA 5520 & persistent log -- can't login

rkoloj · ‎08-17-2021

2 Cisco ASA 5520 - 1 primary, 1 backup, using a laptop to console in

1st problem:

the 'http server enable' command is on the running-config of this ASA. also, the command 'ssh 192.168.1.0 255.255.255.0 management' exists in the running-config. I then connect a laptop to the mgmt port. I am using 192.168.1.204 with GW: 192.168.1.1 which is the management IP address. I can ping from the ASA back to the laptop, and from the laptop to the ASA. I have an ethernet going from laptop to management port. I then open my browser and go to http://192.168.1.1 and https://192.168.1.1 just for good measure and neither responds. I then try to use the ASDM launcher itself previously installed on the laptop and it says 'cannot connect to device manager'

Rob Ingram · ‎08-17-2021

Hi @rkoloj

You appear to be permitting SSH from 192.168.1.0 network, but do you have "http 192.168.1.0 255.255.255.0 management" configured also?

Do you have the ASDM image installed on the ASA?

rkoloj · ‎08-17-2021

Yes this command is in the running configuration

Milos_Jovanovic · ‎08-17-2021

Hi @rkoloj,

Please go through this post.

You'll also need to define login method like 'aaa authentication http console LOCAL'.

After that, and in case you have up to date Java, you'll probably face an issue (since Java 1.8.0_291), in which new Java block TLS v1.0 and v1.1, while legacy ASA IOS (such as 5520) can support only v1.0. You'll have to re-enable Java TLS v1.0 in Java console and also to modify property 'jdk.tls.disabledAlgorithms' in 'C:\Program Files\Java\jre1.8.0_291\lib\security\java.security' so that it doesn't block TLSv1 and/or v1.1.

BR

Milos