cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7471
Views
4
Helpful
18
Replies

Cannot Access ASDM Website

Jason Van Assen
Level 1
Level 1

Hi,

I've received two Cisco ASA 5505 and am unable to connect to the ASDM website on either. Ive done all the basics and but something is clearly wrong somewhere considering its happening on both.

With the default settings on the ASA I am able to ping the ASA from the laptop and vice verse however when trying to browse to https://192.168.1.1 nothing happens at all, no errors etc. IE just shows that the page cannot be displayed, have even tried chrome. Java is installed.

See running-config below:

ASA Version 8.4(5)
!
hostname ciscoasa


names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options

As you can see the http server is enabled. Something really odd or stupid is going on, any suggestions would be much appreciated.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Is this present in the config?: ssl encryption 3des-sha1 aes128-sha1

View solution in original post

18 Replies 18

Shaoqin Li
Level 3
Level 3

'no webvpn' and try again?

Sent from Cisco Technical Support iPhone App

I tried "no webvpn" command and then write mem. Still no luck browsing to the ASDM.

The ASA came with an ASDM image onit obviously and i have also tried downgrading the ASDM and ASA's to a much older version, still not luck.

I even loaded an ASA & ASDM image onto the ASA device and loaded a config from a live ASA we have here onto this but still no luck.

malshbou
Level 1
Level 1

Did you upload an ASDM image to the ASA and configure it "asdm image flash:/ ..."  ?

Regards,
Mashal Alshboul

------------------ Mashal Shboul

Hi Jason,

You need to define path of ASDM where it is located in flash?

Regards

Mahesh

This has been done also:

asdm image disk0:/asdm-711-52.bin

pankaj29in
Level 1
Level 1

Hi jason,

Please follow below link.

http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml

Remember to rate all of the helpful posts.

Regards

Pankaj

Hi,


Thanks for this link but none of the issues in there are the issue im having.

Thank you all for your help so far, no luck yet though....

hi jason,

try using ASDM 7.1(3) instead.

see compatibility matrix below:

http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html

Thanks John, il give this a go also

Is this present in the config?: ssl encryption 3des-sha1 aes128-sha1

Not as far as i can see......

Is this something that should be there?

Thanks

It is.

Thanks Andrew, through your hint ive finally got it working after quite a few days.

Upon entering "ssl encryption 3des-sha1 aes128-sha1"

i was getting the following error: "The 3DES/AES algorithms require a VPN-3DES-AES activation key."

I googled this error and came across the following article http://www.booches.nl/2010/12/cisco-asa-web-interface-not-working/

which mentioned about installing this VPN-3DES-AES activation key. I went onto this Cisco site and requested this activation key and after installing the key that was sent to me and then re running the ssl encryption key i can finally get onto the ASDM.

I dont fully understand why this was needed and havent had to do this before in my limited experience with ASA's could some perhaps break this down for me and give me a little explanation. Would be much appreciated.

Looks like you didnt go though the document which i gave you earlier ..

same was there too.

Regards

Pankaj

Review Cisco Networking for a $25 gift card