03-21-2011 09:29 AM - edited 03-11-2019 01:09 PM
Good afternoon,
We are running a Cisco ASA 5510 in our district. We have been using it for about a year and a half after an upgrade from our PIX. I have been using the CLI to manage it but I wanted to start using the ASDM. I installed the ASDM Launcher last Friday but could not access it. I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access. On Friday I was unable to launch the ASDM. I then downgraded Java. I came in this morning and was able to connect through the launcher. However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages. I then closed the ASDM but could not reconnect after that. When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset". When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed". I'm not sure why I can't connect. Any help would be appreciated. Thank you!
Java Version 1.5.0 (build 1.5.0_14-b03)
Cisco ASDM Launcher v1.5(20)
Bordentown-PIX# show version
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"
Bordentown-PIX up 1 year 209 days
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0 : address is 0021.a0af.d9e2, irq 9
1: Ext: Ethernet0/1 : address is 0021.a0af.d9e3, irq 9
2: Ext: Ethernet0/2 : address is 0021.a0af.d9e4, irq 9
3: Ext: Ethernet0/3 : address is 0021.a0af.d9e5, irq 9
4: Ext: Management0/0 : address is 0021.a0af.d9e6, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 150
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1305L2YF
Running Activation Key: 0xa83ec371 0xbc981d82 0x18c1251c 0xabb850fc 0x80023795
Configuration register is 0x1
Configuration last modified by enable_15 at 08:44:08.343 UTC Mon Mar 21 2011
Bordentown-PIX# dir
Directory of disk0:/
5 -rw- 5548032 00:06:12 Jan 01 2003 asa708-k8.bin
683 drw- 0 07:54:54 Jan 31 2009 crypto_archive
685 -rw- 6163744 07:57:46 Jan 31 2009 asdm-508.bin
255426560 bytes total (243621888 bytes free)
Bordentown-PIX# sh asdm image
Device Manager image file, disk0:/asdm-508.bin
Dan
Solved! Go to Solution.
03-22-2011 12:18 AM
Hi Dan,
When the page does not display anything at all, this means that the PIX is not listening on port 443 on the interface.
To my knowledge, the "show asp table socket" command, is not available in v 7.0(8), and thus I think we would not be able to see if this is true or not.
So lets try to make it listen on one of the other ports.
Do "show run http" and remove every line that comes up. (no http server enable, and no http xx yy inside for all)
Now enter the following 2 lines:
http server enable 4443 (some other port, if this is being used for something else)
http 0 0 inside (for now everything on inside can try accessing)
Now please try accessing the device from your browser: https://172.16.5.1:4443/admin and see if the site opens.
03-21-2011 09:51 AM
have you tried from another PC or laptop? This really seems to be a java problem.
03-21-2011 10:40 AM
Tried updating my Java version and a different computer. Same result. Using the ASDM launcher I get the following error on the first attempt. The attempts after that I recieve the connection reset error.
Unable to launch ASDM from 172.16.5.1:
Connection reset by peer: socket write error
03-21-2011 10:41 AM
Not sure that I understand what you are saying by "I assigned an IP address to the interface". Wouldnt that be already there because you have been using the device for awhile? What is the name you gave to that interface? You should already have an inside correct?
Also you don't need to put the "/admin" at the end of the URL. Only if you enabled SSL termination on the inside interface would you need that.
Sent from Cisco Technical Support iPhone App
03-21-2011 10:44 AM
what is the IP of the ASA that you are trying to connect? Can you share the show run http?
03-21-2011 10:47 AM
The IP is 172.16.5.1
Bordentown-PIX# show run http
http server enable
http 172.16.0.0 255.255.255.255 inside
http 172.16.1.41 255.255.255.255 inside
http 172.16.1.200 255.255.255.255 inside
http 172.16.1.11 255.255.255.255 inside
http 172.16.1.53 255.255.255.255 inside
http 172.16.4.183 255.255.255.255 inside
http 172.16.1.226 255.255.255.255 inside
03-21-2011 10:45 AM
You are correct, the interface already had an address. Sorry, my wording was a little confusing. The interface is ethernet0/1 and it is inside. I was using /admin as I saw it on another post but I have tried it without. It still gives me a "Internet Explorer cannot display the webpage" error.
03-21-2011 10:51 AM
Did you do http or https? Http will not work unless you have port redirection configured. Must use https://
Try that..
Sent from Cisco Technical Support iPhone App
03-21-2011 10:53 AM
Yes, I have been using https. I have tried both of the following
03-21-2011 10:57 AM
What host IP address are you coming from? In the list the top one shows a host mask for the 172.16.0.0 network and the rest are host addresses.
Did you mean to put a 172.16.0.0 255.255.0.0 inside for that line?
Sent from Cisco Technical Support iPhone App
03-21-2011 11:06 AM
The host I am coming in from is 172.16.4.183. Do I need to change that entry?
03-21-2011 11:09 AM
your IP is already allowed. have you tried rebooting the ASA?
03-21-2011 11:12 AM
Try the reboot.. Sometimes in the older code, ASDM does not take effect untill there is a reboot of the device. Just something I have run into..
03-21-2011 11:21 AM
Just tried the reboot, no luck.
03-21-2011 11:24 AM
Pls post the configuration and the dir outputs..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide