Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
5
Helpful
4
Replies

Cannot access ASA 5505

Michael Rodriguez
Level 1
Level 1

‎06-03-2014 08:59 AM - edited ‎03-11-2019 09:16 PM

Hello,

Recently updated (27 May 14) ASA 5505 to ASA 9.2(1) and ASDM 7.2(1) with out issue and have been able to manage via ASDM, well.. Until this morning.

"Unable to launch device manager from 192.168.X.X" when launching ASDM

"Page cannot be displayed" from IE or Chrome (Chromium).

Network operations seem to be working fine as we have internet and VPN access.

I have bounced the ASA 5505 a couple of times waiting about a min in between.

Any one else?  Ideas?

 

Thank you,

MRodriguez

 

 

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2014 09:23 AM

From the console (or ssh command line interface), please provide the output of:

show ver | i 3DES

show run asdm

show run http

show run ssl

dir

We would be looking for:

1. the activation key to include 3DES-AES license;

2. an ASDM image to be specified;

3. the http(s) server (used by ASDM) to be enabled and allowing access from the designated hosts;

4. ssl encryption algorithms to include 3des or higher; and

5. the ASDM image specified in #1 to be present on the device.

0 Helpful

Michael Rodriguez
Level 1
Level 1
In response to Marvin Rhoads

‎06-03-2014 10:36 AM

As requested:

 

ciscoasa-flbk# sh ver | i 3DES
Encryption-3DES-AES               : Enabled        perpetual

ciscoasa-flbk# sh run asdm
asdm image disk0:/asdm-721.bin
asdm history enable


ciscoasa-flbk# sh run http
http server enable
http server idle-timeout 15
http server session-timeout 15
http 0.0.0.0 0.0.0.0 inside


ciscoasa-flbk# sh run http
http server enable
http server idle-timeout 15
http server session-timeout 15
http 0.0.0.0 0.0.0.0 inside
ciscoasa-flbk# sh run ssl
ssl trust-point ASDM_TrustPoint1 outside

 

ciscoasa-flbk# dir

Directory of disk0:/

105    -rwx  35167466     09:45:38 May 27 2014  anyconnect-win-3.1.05152-k9.pkg
106    -rwx  30431232     07:18:48 May 27 2014  asa921-k8.bin
107    -rwx  24095116     07:19:44 May 27 2014  asdm-721.bin
22     drwx  4096         09:53:18 Feb 03 2014  crypto_archive
109    drwx  4096         09:18:34 Jan 30 2014  sdesktop
110    -rwx  2281         10:54:38 Jan 27 2014  EDSI_AnnyConnect_VPN_client_profile.xml
10     drwx  4096         12:10:54 Aug 12 2011  log
23     drwx  4096         16:10:00 May 02 2014  coredumpinfo

127111168 bytes total (36474880 bytes free)

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Michael Rodriguez

‎06-03-2014 11:52 AM

Try adding this line to your config:

ssl encryption 3des-sha1 aes128-sha1 aes256-sha1

It will make sure the ASA uses strong ciphers when a client tries to access ASDM.

Michael Rodriguez
Level 1
Level 1
In response to Marvin Rhoads

‎06-06-2014 08:35 AM

Hello and thank you,

I have added ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 as suggested.

Issues remains, cannot access ASA via ASDM... But we continue to operate with out issue.  In the meantime I have found and downloaded Cisco Chapter 37 - configuring Management Access which steps through the setup/configuration of Telnet, SSH, etc..

Thanks again for the assistance.

 

P.S. Just access via ASDM.......... Not sure what changed, system accessing did not change and I have not started on Ch 37 changes.

 

Michael Rodriguez

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card