03-21-2011 09:29 AM - edited 03-11-2019 01:09 PM
Good afternoon,
We are running a Cisco ASA 5510 in our district. We have been using it for about a year and a half after an upgrade from our PIX. I have been using the CLI to manage it but I wanted to start using the ASDM. I installed the ASDM Launcher last Friday but could not access it. I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access. On Friday I was unable to launch the ASDM. I then downgraded Java. I came in this morning and was able to connect through the launcher. However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages. I then closed the ASDM but could not reconnect after that. When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset". When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed". I'm not sure why I can't connect. Any help would be appreciated. Thank you!
Java Version 1.5.0 (build 1.5.0_14-b03)
Cisco ASDM Launcher v1.5(20)
Bordentown-PIX# show version
Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)
Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"
Bordentown-PIX up 1 year 209 days
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0 : address is 0021.a0af.d9e2, irq 9
1: Ext: Ethernet0/1 : address is 0021.a0af.d9e3, irq 9
2: Ext: Ethernet0/2 : address is 0021.a0af.d9e4, irq 9
3: Ext: Ethernet0/3 : address is 0021.a0af.d9e5, irq 9
4: Ext: Management0/0 : address is 0021.a0af.d9e6, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : 150
This platform has an ASA 5510 Security Plus license.
Serial Number: JMX1305L2YF
Running Activation Key: 0xa83ec371 0xbc981d82 0x18c1251c 0xabb850fc 0x80023795
Configuration register is 0x1
Configuration last modified by enable_15 at 08:44:08.343 UTC Mon Mar 21 2011
Bordentown-PIX# dir
Directory of disk0:/
5 -rw- 5548032 00:06:12 Jan 01 2003 asa708-k8.bin
683 drw- 0 07:54:54 Jan 31 2009 crypto_archive
685 -rw- 6163744 07:57:46 Jan 31 2009 asdm-508.bin
255426560 bytes total (243621888 bytes free)
Bordentown-PIX# sh asdm image
Device Manager image file, disk0:/asdm-508.bin
Dan
Solved! Go to Solution.
03-22-2011 05:18 AM
Shrikant, that worked! Here's what I did.
I ran the "show run http" command and deleted all of the following entries.
Bordentown-PIX# show run http
http server enable
http 172.16.1.41 255.255.255.255 inside -old proxy server, not needed
http 172.16.1.200 255.255.255.255 inside -service_2
http 172.16.1.11 255.255.255.255 inside -brsdnas
http 172.16.1.53 255.255.255.255 inside -trane (MIS) BCU, not needed
http 172.16.4.183 255.255.255.255 inside -my dynamic address
http 172.16.1.226 255.255.255.255 inside -my old pc
http 172.16.0.0 255.255.0.0 inside
I then ran the following commands
It would not allow me to specifiy a port, so I simply had to run
http server enable
Then I ran
http 0 0 inside
I could then open https://172.16.5.1/admin/ from a web browser. This is the first time that was possible.
Thank you Shrikant and thanks to everyone for all of the help! It is much appreciated.
03-22-2011 05:27 AM
It was no problem at all Dan.
Though it still makes me wonder why it wasn't working earlier.
I think in the older versions there might have been an issue with overlapping subnets.
So if a particular ip was included in two of the http xx yy zz commands, then it would cause an issue.
So the http 172.16.0.0 255.255.0.0 also included the other /32 entries.
If you feel like digging into the matter more, you can remove the http 0 0 and replace it with http 172.16.0.0 255.255.0.0
I think it would still work.
Anyway, its great to know that the ASDM is working fine now.
-Shrikant
P.S.: please mark this thread as resolved if you feel your query is resolved. Do rate helpful posts. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide