Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15042
Views
5
Helpful
31
Replies

Cannot Open ASDM

Go to solution
dancumming
Level 1
Level 1

‎03-21-2011 09:29 AM - edited ‎03-11-2019 01:09 PM

Good afternoon,

We are running a Cisco ASA 5510 in our district.  We have been using it for about a year and a half after an upgrade from our PIX.  I have been using the CLI to manage it but I wanted to start using the ASDM.  I installed the ASDM Launcher last Friday but could not access it.  I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access.  On Friday I was unable to launch the ASDM.  I then downgraded Java.  I came in this morning and was able to connect through the launcher.  However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages.  I then closed the ASDM but could not reconnect after that.  When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset".  When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed".  I'm not sure why I can't connect.  Any help would be appreciated.  Thank you!

Java Version 1.5.0 (build 1.5.0_14-b03)

Cisco ASDM Launcher v1.5(20)

Bordentown-PIX# show version

Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)

Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"

Bordentown-PIX up 1 year 209 days

Hardware:   ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode   : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode  : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 0021.a0af.d9e2, irq 9
1: Ext: Ethernet0/1         : address is 0021.a0af.d9e3, irq 9
2: Ext: Ethernet0/2         : address is 0021.a0af.d9e4, irq 9
3: Ext: Ethernet0/3         : address is 0021.a0af.d9e5, irq 9
4: Ext: Management0/0       : address is 0021.a0af.d9e6, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Standby
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : 150

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1305L2YF
Running Activation Key: 0xa83ec371 0xbc981d82 0x18c1251c 0xabb850fc 0x80023795
Configuration register is 0x1
Configuration last modified by enable_15 at 08:44:08.343 UTC Mon Mar 21 2011
Bordentown-PIX# dir

Directory of disk0:/

5      -rw-  5548032     00:06:12 Jan 01 2003  asa708-k8.bin
683    drw-  0           07:54:54 Jan 31 2009  crypto_archive
685    -rw-  6163744     07:57:46 Jan 31 2009  asdm-508.bin

255426560 bytes total (243621888 bytes free)
Bordentown-PIX# sh asdm image
Device Manager image file, disk0:/asdm-508.bin

Dan

Labels:
0 Helpful
31 Replies 31

Go to solution
dancumming
Level 1
Level 1
In response to Shrikant Sundaresh

‎03-22-2011 05:18 AM

Shrikant, that worked!  Here's what I did.

I ran the "show run http" command and deleted all of the following entries.


Bordentown-PIX# show run http
http server enable
http 172.16.1.41 255.255.255.255 inside -old proxy server, not needed
http 172.16.1.200 255.255.255.255 inside -service_2
http 172.16.1.11 255.255.255.255 inside -brsdnas
http 172.16.1.53 255.255.255.255 inside -trane (MIS) BCU, not needed
http 172.16.4.183 255.255.255.255 inside -my dynamic address
http 172.16.1.226 255.255.255.255 inside -my old pc
http 172.16.0.0 255.255.0.0 inside

I then ran the following commands

It would not allow me to specifiy a port, so I simply had to run

http server enable

Then I ran

http 0 0 inside

I could then open https://172.16.5.1/admin/ from a web browser.  This is the first time that was possible.

Thank you Shrikant and thanks to everyone for all of the help!  It is much appreciated.

0 Helpful

Go to solution
Shrikant Sundaresh
Cisco Employee
Cisco Employee
In response to dancumming

‎03-22-2011 05:27 AM

It was no problem at all Dan.

Though it still makes me wonder why it wasn't working earlier.

I think in the older versions there might have been an issue with overlapping subnets.

So if a particular ip was included in two of the http xx yy zz commands, then it would cause an issue.

So the http 172.16.0.0 255.255.0.0 also included the other /32 entries.

If you feel like digging into the matter more, you can remove the http 0 0 and replace it with http 172.16.0.0 255.255.0.0

I think it would still work.

Anyway, its great to know that the ASDM is working fine now.

-Shrikant

P.S.: please mark this thread as resolved if you feel your query is resolved. Do rate helpful posts. Thanks.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card