Solved: Cannot Open ASDM - Page 2

dancumming · ‎03-21-2011

Good afternoon,

We are running a Cisco ASA 5510 in our district. We have been using it for about a year and a half after an upgrade from our PIX. I have been using the CLI to manage it but I wanted to start using the ASDM. I installed the ASDM Launcher last Friday but could not access it. I have enable the http server on the ASA, assigned an IP to the interface, and granted my machine's IP inside access. On Friday I was unable to launch the ASDM. I then downgraded Java. I came in this morning and was able to connect through the launcher. However I could not make any changes as it would give me an error message and often popped up with "lost connection" type messages. I then closed the ASDM but could not reconnect after that. When I try to connect through the launcher I receive the message "Unable to launch ASDM from 172.16.5.1: Connection reset". When I try https://172.16.5.1/admin/ from a browser I simply receive "page cannot be displayed". I'm not sure why I can't connect. Any help would be appreciated. Thank you!

Java Version 1.5.0 (build 1.5.0_14-b03)

Cisco ASDM Launcher v1.5(20)

Bordentown-PIX# show version

Cisco Adaptive Security Appliance Software Version 7.0(8)
Device Manager Version 5.0(8)

Compiled on Sat 31-May-08 23:48 by builders
System image file is "disk0:/asa708-k8.bin"
Config file at boot was "startup-config"

Bordentown-PIX up 1 year 209 days

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode   : ☻CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: ♥CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 0021.a0af.d9e2, irq 9
1: Ext: Ethernet0/1         : address is 0021.a0af.d9e3, irq 9
2: Ext: Ethernet0/2         : address is 0021.a0af.d9e4, irq 9
3: Ext: Ethernet0/3         : address is 0021.a0af.d9e5, irq 9
4: Ext: Management0/0       : address is 0021.a0af.d9e6, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Standby
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : 150

This platform has an ASA 5510 Security Plus license.

Serial Number: JMX1305L2YF
Running Activation Key: 0xa83ec371 0xbc981d82 0x18c1251c 0xabb850fc 0x80023795
Configuration register is 0x1
Configuration last modified by enable_15 at 08:44:08.343 UTC Mon Mar 21 2011
Bordentown-PIX# dir

Directory of disk0:/

5      -rw- 5548032     00:06:12 Jan 01 2003 asa708-k8.bin
683    drw- 0           07:54:54 Jan 31 2009 crypto_archive
685    -rw- 6163744     07:57:46 Jan 31 2009 asdm-508.bin

255426560 bytes total (243621888 bytes free)
Bordentown-PIX# sh asdm image
Device Manager image file, disk0:/asdm-508.bin

Dan

PAUL GILBERT ARIAS · ‎03-21-2011

silly question. can you ping the ASA from your PC?

Have tried connecting from another interface or from a host on the same subnet as the inside interface? remember to allow http access for the IPs you source the tests.

dancumming · ‎03-21-2011

Paul, not a silly question since it is behaving like I wouldn't be able to ping the address!

But yes, I am able to ping the address of the ASA

Bordentown-PIX# dir

Directory of disk0:/

5      -rw- 5548032     00:06:12 Jan 01 2003 asa708-k8.bin
683    drw- 0           07:54:54 Jan 31 2009 crypto_archive
685    -rw- 6163744     07:57:46 Jan 31 2009 asdm-508.bin

255426560 bytes total (243621888 bytes free)

Bordentown-PIX# show run
: Saved
:
ASA Version 7.0(8)
!
hostname Bordentown-PIX
domain-name bordentown.k12.nj.us
enable password A8EW9svYyTEcA4Ua encrypted
passwd A8EW9svYyTEcA4Ua encrypted
no names
name 172.16.1.41 BRSDPROXY
name 172.16.1.253 Voice_conf
name 208.39.161.68 Voice_conf_out
name 172.16.1.8 bordentownfs2
name 172.16.1.43 btprx
name 172.16.1.6 pri_ComCastMail
name 172.16.1.201 pri_bordentodell1
name 172.16.1.22 pri_brvstream
name 172.16.1.26 pri_remoteacc
name 172.16.1.200 pri_service_2
name 208.39.161.70 pub_ComCastMail
name 208.39.161.67 pub_bordentdell1

name 208.39.161.73 pub_bordentownfs2
name 208.39.161.72 pub_brvstream
name 208.39.161.76 pub_bsdinfosys
name 208.39.161.74 pub_remoteacc
name 208.39.161.69 pub_service_2
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 208.39.161.66 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.16.5.1 255.255.0.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
object-group service wwww tcp
port-object eq www
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq 8002 any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq domain any
access-list inside_access_in extended permit tcp host 172.16.1.22 eq www any
access-list inside_access_in extended permit tcp host 172.16.1.135 eq https any
access-list inside_access_in extended permit tcp host 172.16.1.135 eq www any
access-list acl_in extended permit icmp any any
access-list acl_out extended permit icmp any any
access-list acl_out extended permit ip host 172.16.1.22 any
access-list acl_out extended permit ip host 172.16.1.43 any
access-list acl_out extended permit ip host 172.16.1.201 any
access-list acl_out extended permit ip host 172.16.1.51 any
access-list acl_out extended permit ip host 172.16.1.52 any
access-list acl_out extended permit ip host 172.16.1.53 any
access-list acl_out extended permit tcp any host 208.39.161.72 eq www
access-list acl_out extended permit ip host 172.16.1.226 any
access-list acl_out extended permit ip host 172.16.1.242 any
access-list acl_out extended permit ip host 172.16.1.1 any
access-list acl_out extended permit ip host 172.16.2.9 any
access-list acl_out extended permit ip host 172.16.1.6 any
access-list acl_out extended permit ip host 172.16.1.8 any
access-list acl_out extended permit ip host 172.16.1.35 any
access-list acl_out extended permit ip host 172.16.1.41 any
access-list acl_out extended permit ip host 172.16.1.230 any
access-list acl_out extended permit ip host 172.16.1.231 any
access-list acl_out extended permit ip host 172.16.1.200 any
access-list acl_out extended permit ip host 172.16.1.48 any
access-list acl_out extended permit ip host 172.16.1.24 any
access-list acl_out extended permit ip host 172.16.1.26 any
access-list acl_out extended permit ip host 172.16.1.250 any
access-list acl_out extended permit ip host 172.16.3.36 any
access-list acl_out extended permit ip host 172.16.4.110 any
access-list acl_out extended permit ip host 172.16.1.240 any
access-list acl_out extended permit ip host 172.16.1.229 any
access-list acl_out extended permit ip host 192.168.0.2 any
access-list acl_out extended permit ip host 172.16.1.241 any
access-list acl_out extended permit ip host 172.16.1.221 any
access-list acl_out extended permit ip host 172.16.1.222 any
access-list acl_out extended permit ip host 172.16.1.223 any
access-list acl_out extended permit ip host 172.16.1.224 any
access-list acl_out extended permit ip host 172.16.1.225 any
access-list acl_out extended permit ip host 172.16.1.227 any
access-list acl_out extended permit ip host 172.16.1.228 any
access-list acl_out extended permit ip host 172.16.1.232 any
access-list acl_out extended permit ip host 172.16.1.233 any
access-list acl_out extended permit ip host 172.16.1.234 any
access-list acl_out extended permit ip host 172.16.1.235 any
access-list acl_out extended permit ip host 172.16.1.243 any
access-list acl_out extended permit ip host 172.16.2.118 any
access-list acl_out extended permit ip host 172.16.1.130 any
access-list acl_out extended permit ip host 172.16.1.131 any
access-list acl_out extended permit ip host 172.16.1.132 any
access-list acl_out extended permit ip host 172.16.1.7 any
access-list acl_out extended permit ip host 172.16.1.202 any
access-list acl_out extended permit ip host 192.168.0.3 any
access-list acl_out extended permit ip host 172.16.2.177 any
access-list acl_out extended permit ip host 172.16.1.253 any
access-list acl_out extended permit ip host 172.16.1.14 any
access-list acl_out extended permit tcp any host 172.16.3.135 eq 5806
access-list acl_out extended permit tcp any host 172.16.1.31 eq ssh
access-list acl_out extended permit ip host 172.16.5.17 any
access-list acl_out extended permit ip host 172.16.5.18 any
access-list acl_out extended permit ip host 172.16.1.135 any
access-list dns extended permit udp any any
access-list dnstcp extended permit tcp any any
access-list dmz_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 208.39.161.73 eq www
access-list outside_acl extended permit tcp any host 208.39.161.70 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.70 eq pop3
access-list outside_acl extended permit tcp any host 208.39.161.70 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 444
access-list outside_acl extended permit icmp any any
access-list outside_acl extended permit tcp any host 208.39.161.70 eq www
access-list outside_acl extended permit tcp any host 208.39.161.70 eq ssh
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.70 eq irc
access-list outside_acl extended permit tcp any host 208.39.161.72 eq www
access-list outside_acl extended permit tcp any host 208.39.161.74 eq www
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 8080
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1755
access-list outside_acl extended permit tcp any host 208.39.161.73 eq 3101
access-list outside_acl extended permit tcp any host 208.39.161.73 eq www
access-list outside_acl extended permit tcp any host 208.39.161.67 eq www
access-list outside_acl extended permit tcp any host 208.39.161.68 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.68 eq www
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 407
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1417
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1418
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1419
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1420
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1417
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1418
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1419
access-list outside_acl extended permit udp any host 208.39.161.76 eq 1420
access-list outside_acl extended permit udp any host 208.39.161.76 eq 407
access-list outside_acl extended permit tcp any host 208.39.161.76 eq https
access-list outside_acl extended permit tcp any host 208.39.161.76 eq www
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 7880
access-list outside_acl extended permit tcp any host 208.39.161.76 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 8080
access-list outside_acl extended permit udp any host 208.39.161.76 eq 8080
access-list outside_acl extended permit udp any host 208.39.161.72 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.72 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 444
access-list outside_acl extended permit udp any host 208.39.161.76 eq 444
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.76 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.70 eq https
access-list outside_acl extended permit udp any host 208.39.161.72 eq www
access-list outside_acl extended permit udp any host 208.39.161.70 eq 443
access-list outside_acl extended permit tcp any host 208.39.161.66 eq https
access-list outside_acl extended permit udp any host 208.39.161.66 eq 443
access-list outside_acl extended permit tcp any host 208.39.161.75 eq smtp
access-list outside_acl extended permit udp any host 208.39.161.75 eq 25
access-list outside_acl extended permit tcp any host 208.39.161.66 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.68 eq https
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 81
access-list outside_acl extended permit tcp any host 208.39.161.70 eq 6891
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5641
access-list outside_acl extended permit udp any host 208.39.161.67 eq 5641
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 4550
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 5550
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2512
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 2513
access-list outside_acl extended permit tcp any host 208.39.161.72 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.74 eq 1702
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1702
access-list outside_acl extended permit tcp any host 208.39.161.76 eq 1701
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 210
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 7090
access-list outside_acl extended permit tcp any host 208.39.161.67 eq 5151
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 210
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 7090
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 5151
access-list outside_acl extended permit tcp any host 208.39.161.68 eq h323
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 555
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 556
access-list outside_acl extended permit tcp any host 208.39.161.68 eq 1718
access-list outside_acl extended permit udp any host 208.39.161.68 eq 1719
access-list outside_acl extended permit tcp any host 208.39.161.71 eq https
access-list outside_acl extended permit tcp any host 208.39.161.69 eq smtp
access-list outside_acl extended permit tcp any host 208.39.161.69 eq pop3
access-list outside_acl extended permit tcp any host 208.39.161.69 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.69 eq www
access-list outside_acl extended permit tcp any host 208.39.161.69 eq citrix-ica

access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1604
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1023
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 1431
access-list outside_acl extended permit tcp any host 208.39.161.69 eq 8081
access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp
access-list outside_acl extended permit tcp any host 208.39.161.75 eq ftp
access-list outside_acl extended permit tcp any host 208.39.161.66 eq ftp-data
access-list outside_acl extended permit tcp any host 172.17.1.103 eq smtp
access-list outside_acl extended permit tcp any host 172.17.1.103 eq imap4
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.65 eq 4125
access-list outside_acl extended permit udp any host 208.39.161.66 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.66 eq 4125
access-list outside_acl extended permit tcp any host 208.39.161.66 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 3389
access-list outside_acl extended permit tcp any host 208.39.161.75 eq 5806
access-list outside_acl extended permit tcp any host 208.39.161.65 eq 5806
access-list outside_acl extended permit udp any host 208.39.161.65 eq 5806
access-list outside_acl extended permit udp any host 208.39.161.75 eq 5806
access-list outside_acl extended permit tcp any host 208.39.161.71 eq ssh
pager lines 24
logging list high-priority level errors
logging asdm informational
logging from-address administrator@bordentown.k12.nj.us
logging recipient-address administrator@bordentown.k12.nj.us level errors
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
no failover
asdm image disk0:/asdm-508.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (outside) 2 208.39.161.73 netmask 255.255.255.255
nat (inside) 3 172.16.1.7 255.255.255.255
nat (inside) 1 172.16.0.0 255.255.0.0
nat (inside) 1 172.17.0.0 255.255.0.0
nat (DMZ) 1 192.168.0.0 255.255.255.0
static (inside,outside) 208.39.161.74 172.16.1.26 netmask 255.255.255.255
static (inside,outside) 208.39.161.75 172.16.1.43 netmask 255.255.255.255
static (inside,outside) 208.39.161.67 172.16.1.201 netmask 255.255.255.255
static (inside,outside) 208.39.161.72 172.16.1.22 netmask 255.255.255.255
static (inside,outside) 208.39.161.69 172.16.1.200 netmask 255.255.255.255
static (inside,outside) 208.39.161.76 172.16.1.242 netmask 255.255.255.255
static (inside,outside) 208.39.161.70 172.16.1.6 netmask 255.255.255.255
static (inside,outside) 208.39.161.73 172.16.1.8 netmask 255.255.255.255
static (inside,outside) 208.39.161.68 172.16.1.35 netmask 255.255.255.255
static (inside,outside) 208.39.161.71 172.16.1.31 netmask 255.255.255.255
access-group outside_acl in interface outside
route outside 0.0.0.0 0.0.0.0 208.39.161.66 1
route inside 172.30.0.0 255.255.0.0 172.16.6.1 1
route inside 172.17.0.0 255.255.0.0 172.16.6.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication ssh console LOCAL
http server enable
http 172.16.0.0 255.255.255.255 inside
http 172.16.1.41 255.255.255.255 inside
http 172.16.1.200 255.255.255.255 inside
http 172.16.1.11 255.255.255.255 inside
http 172.16.1.53 255.255.255.255 inside
http 172.16.4.183 255.255.255.255 inside
http 172.16.1.226 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 208.39.161.65 255.255.255.255 inside
telnet 208.39.161.64 255.255.255.252 inside
telnet 172.16.0.0 255.255.0.0 inside
telnet 208.39.161.65 255.255.255.255 DMZ
telnet 208.39.161.64 255.255.255.252 DMZ
telnet timeout 30
ssh 63.214.17.0 255.255.255.0 outside
ssh 68.44.187.221 255.255.255.255 outside
ssh 65.217.171.0 255.255.255.0 outside
ssh 68.81.65.0 255.255.255.0 outside
ssh timeout 45
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect rsh
inspect rtsp
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect http
inspect ils
inspect ftp
!
service-policy global_policy global
smtp-server 172.16.1.6
Cryptochecksum:0bc9058beb1969b07b6667f008edaee4
: end

tj.mitchell · ‎03-21-2011

I would take out the line "http 172.16.0.0 255.255.255.255 inside" as this is incorrect.

Add the line "http 172.16.0.0 255.255.0.0 inside"

Then write it..

dancumming · ‎03-21-2011

I agree, that command looks incorrect. I just made the change but it didn't help.

Shrikant Sundaresh · ‎03-21-2011

Hey Dan,

Could you please try "no http server enable" and then "http server enable" again.

Sometime this is what would be causing the issue.

Secondly, if this doesn't work, if there is very little traffic passing through the device, you might wanna try "debug http" ("un all" to stop), and see the output generated when you try accessing ASDM.

dancumming · ‎03-21-2011

Shirkant,

I did try "no http server enable" and then "http server enable this morning. I just tried the command again and it did not help.

There is a lot of traffic passing through my ASA so I wouldn't be able to debug right now.

Shrikant Sundaresh · ‎03-21-2011

I think the issue is with AAA.

You need to enable local database for HTTP authentication.

Or just remove the aaa-server commands, since i think you are not using them. (Please be careful, if you are.)

dancumming · ‎03-21-2011

I'm not sure if we are using them. This config is from our PIX, which was set up before I got here. I never had to to anything with aaa. Is there a way to tell if I am using it?

If not, how do I enable local database for HTTP authentication?

csaxena · ‎03-21-2011

Hello Dan,

You can enable HTTP authentication using LOCAL server or TACACS+ & RADIUS server using the following command.

aaa authentication ssh console LOCAL

or

aaa authentication ssh console

In addition to this,

add a local username/password:

username password

But this will be a AAA issue only if you are getting a login name/password prompt.

Can you please share the screen shot of the browser, when you are trying to access ASDM using browser (https://172.16.5.1).

Regards,
Chirag

tj.mitchell · ‎03-21-2011

Not really understanding how AAA would cause the page to not display when https:// to the ASA. He should receive a web-page asking to either run the java-asdm or install asdm.

He would then receive the authentication prompts once he clicks on one or the other. I could see it at this point, but according to him the initial web-page is not showing.

Shrikant Sundaresh · ‎03-21-2011

Dan,

in one of the earlier posts, it was mentioned that the command "http 172.16.0.0 255.255.255.255 inside" was incorrect.

Did you do "no http 172.16.0.0 255.255.255.255 inside" and then add the correct line?

Because, just adding the correct line will not have removed this one, and incorrect masks like these have been known to create problems in earlier versions of code.

dancumming · ‎03-21-2011

TJ is correct, I am not even receiving a logon page or anything for that matter in the browser. I have tested in both IE and Firefox but got the same result. I attached the screen shot.

Shrikant, yes I did execute the "no http 172.16.0.0 255.255.255.255 inside" command.

The error I get with the launcher seems to be Java related but I can't pull anything up through a browser which doesn't appear to be Java releated. Since I can't even connect through the browser it would make me think something is configured wrong on the ASA. This is a tough one to figure out...

tj.mitchell · ‎03-21-2011

Got a stupid thought..

can you try this??

access-list inside-out permit ip any any

access-group inside-out in interface inside

see if that does anything??

I know you shouldn't need to, but I have seen funky issues if there isn't an ACL to allow traffic outbound even though it is by default.

andamani · ‎03-21-2011

Hi,

Just for confirmation. do you have a windows firewall switched on on the PC from where you are trying to access the ASDM. if yes, please try switching it off.

lastly please ensure you are running the latest java version.

let me know how it goes.

Regards,

Anisha

- Do rate helpful posts.

Shrikant Sundaresh · ‎03-22-2011

Hi Dan,

When the page does not display anything at all, this means that the PIX is not listening on port 443 on the interface.

To my knowledge, the "show asp table socket" command, is not available in v 7.0(8), and thus I think we would not be able to see if this is true or not.

So lets try to make it listen on one of the other ports.

Do "show run http" and remove every line that comes up. (no http server enable, and no http xx yy inside for all)

Now enter the following 2 lines:

http server enable 4443 (some other port, if this is being used for something else)

http 0 0 inside (for now everything on inside can try accessing)

Now please try accessing the device from your browser: https://172.16.5.1:4443/admin and see if the site opens.