Re: Cannot open ASA through ASDM but I can open it through SSH

Luis Carranza · ‎10-05-2010

Hi guys

I have a problem right now, in fact I was searching for all the forum and I couldn't find any topic that could help me. Let me explaing you the situation: I got 2 firewalls which are connected as failover, the problem is with the ACTIVE device because I can access through SSH but if I'm trying to open it via ASDM it brings me an error UNABLE TO LAUNCH DEVICE MANAGER FROM X.X.X.X. I'm running the latest version of ASDM 8.2(2)17 in fact we already rewrite the file in the firewall but the problem is still there. And about the other device, I mean the one that is as STANDBY is working fine I'm able to access through ASDM and SSH and we already compare it and both have the same configuration.

So if you have any suggestion I will apreciate it.

Regards

mirober2 · ‎10-05-2010

Hi Luis,

This document may help you troubleshoot:

https://supportforums.cisco.com/docs/DOC-13012

Things to check are the output of 'show run http', 'show run asdm', 'show flash', and 'show ver'. You can also enable 'debug http', which may provide some insight into what the problem is. Also, you might try connecting from a different PC to rule out any client or Java issues.

If the above document doesn't help, please post the output of all the above commands.

-Mike

Luis Carranza · ‎10-05-2010

Hi mirober2

I already check link that you gave but it didn't work, here are the results of the commands

sat320a-asa5520-1# sh run asdm
asdm image disk0:/asdm-634.bin
asdm history enable

sat320a-asa5520-1# sh flash
--#-- --length-- -----date/time------ path
    3 8192        Oct 08 2009 11:00:52 log
   41 4181246     Dec 31 2002 18:08:08 securedesktop-asa-3.2.1.103-k9.pkg
   42 398305      Dec 31 2002 18:08:30 sslclient-win-1.1.0.154.pkg
   10 8192        Apr 16 2009 16:02:20 crypto_archive
   44 14503836    Oct 04 2010 17:30:21 asdm-634.bin
   45 11348300    Oct 08 2009 10:58:52 asdm-621.bin
   11 8192        Oct 08 2009 11:02:16 coredumpinfo
   12 43          Jul 12 2010 05:30:42 coredumpinfo/coredump.cfg
   46 8192        Oct 23 2009 21:05:40 tmp
   47 2118        Feb 27 2010 01:29:44 old_running.cfg
   48 1323        Feb 27 2010 01:29:44 admin.cfg
   49 82759       Oct 04 2010 17:12:06 SAT-VPN.cfg
   50 2177        Oct 01 2010 16:20:10 SAT-VIVA.cfg
   51 16293888    Jul 12 2010 05:29:56 asa821-3-k8.bin
   52 16478208    Oct 01 2010 15:12:10 asa822-17-k8.bin

sat320a-asa5520-1/SAT-VPN# sh run | i http
service-object tcp eq https
service-object tcp eq https
service-object tcp eq https
http server enable
http 189.206.211.0 255.255.255.0 inside
http 189.206.214.0 255.255.255.0 inside

sat320a-asa5520-1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(2)17
Device Manager Version 6.3(4)

Compiled on Wed 26-May-10 19:02 by builders
System image file is "disk0:/asa822-17-k8.bin"
Config file at boot was "startup-config"

sat320a-asa5520-1 up 3 days 19 hours
failover cluster up 220 days 8 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is 0024.9750.3bb8, irq 9
1: Ext: GigabitEthernet0/1 : address is 0024.9750.3bb9, irq 9
2: Ext: GigabitEthernet0/2 : address is 0024.9750.3bba, irq 9
3: Ext: GigabitEthernet0/3 : address is 0024.9750.3bbb, irq 9
4: Ext: Management0/0       : address is 0024.9750.3bb7, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
Security Contexts              : 5
GTP/GPRS                       : Disabled
SSL VPN Peers                  : 2
Total VPN Peers                : 750
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5520 VPN Plus license.

Regards

mirober2 · ‎10-05-2010

Hi Luis,

Did you try from another PC in the 189.206.211.0 or 189.206.214.0 subnets? What does the output of 'debug http' show when you try to connect?

-Mike

Luis Carranza · ‎10-05-2010

Hi

Well about your question of trying to access from a pc on the network 189.206.211.x well that's where I'm trying to access =S

And I was checking the debug http but it doesn't bring me anything.

Regards

Namit Agarwal · ‎10-05-2010

Hi,

Are you using the ASDM launcher to start the ASDM ? Have you tried accessing the GUI by putting the URL in the browser

https://

Thanks,

Namit

Luis Carranza · ‎10-05-2010

Yes I already try that but I getting the error of PAGE CANNOT BE DISPLA, any other suggestion?? =(

Regards

rmavila · ‎10-05-2010

Hi Luis,

Can you also copy paste the java logs that you get when you start the connection from the ASDM launcher. Click on the 'cup' icon on the right bottom corner of the ASDM launcher where you enter your credentials and press 5 to get the debugs on the screen. Then enter your credentials and try to log into ASDM.

Reagrds,

Rahul

Luis Carranza · ‎10-05-2010

Here is the output of the Java

Local Launcher Version = 1.5.50
Local Launcher Version Display = 1.5(50)
OK button clicked
Trying for ASDM Version file; url = https://10.7.9.20/admin/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at com.cisco.launcher.y.a(Unknown Source)
    at com.cisco.launcher.y.if(Unknown Source)
    at com.cisco.launcher.r.a(Unknown Source)
    at com.cisco.launcher.s.do(Unknown Source)
    at com.cisco.launcher.s.null(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Trying for IDM. url=https://10.7.9.20/idm/idm.jnlp/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.cisco.launcher.w.a(Unknown Source)
    at com.cisco.launcher.s.for(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Regards

Luis Carranza · ‎10-05-2010

I made a mistake I have the ASDM version 6.3(4)

Regards

rmavila · ‎10-05-2010

Can you give the command " ssl encryption aes128-sha1" on the ASA and try.

Luis Carranza · ‎10-05-2010

I already try the command but it didn't work =S and the same log appear on the java console.

Regards

rmavila · ‎10-05-2010

Do you have webvpn enabled on the ASA ? Also what is the error when you get when you try to access the GUI via the browser as suggested by Namit ?

Regards

Rahul

kumail.haider · ‎06-20-2018

Thanks Rmavila
This command works for me on
ASA 5520
Version 9.1(5)16
ASDM 7.3
Java Version latest
-----------------------------------------------------------
I was having the problem to connect with Asdm and having this logs in JAVA
java.net.SocketException: Connection reset
I tried many things but only work that command
ssl encryption aes128-sha1

Thanks

Namit Agarwal · ‎10-05-2010

Hi,

Please paste the output of the following command

show bootvar

show asdm image

sh flash

sh run | in http

Thanks,

Namit