Re: Cisco 5505 security plus configuration

sebastienlex · ‎06-10-2018

Hello,

My name is Sebastien
My english is not perfect, i'm not natif of this language so i going to do my best.

I received my Cisco ASA 5505.

My knowledges in network Cisco and in general is very low so i have lot of questions, but for this time being i would like to focus on a problem with ASDM.

I used the factory configuration with the command : configure factory_default 10.1.99.254 255.255.255.0

and i put settings on my network card with this one : 10.1.99.2 / 255.255.255.0 and 10.1.99.254 to be on the same network.

so after this operations i opended my browser and i writed : https://10.1.99.254:443 and i downloaded and installed java and ASDM but i had a problem.

usually when i write on ASDM my address : 10.1.99.254 the loading turn off at 52% and i don't understand the ASDM close the programme like this video show it.

i looked on internet but i didn't find answere.

https://drive.google.com/file/d/1pW2e5tr25brOFJXlmwKB2d8DiqEZRuOW/view?usp=sharing

Do you have idea ?

thank you very much.

johnlloyd_13 · ‎06-10-2018

hi,

could you post a show version output?

the 5505 ASA code should be compatible with ASDM image.

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

there might be also a java compatibility or runtime issue that you should be aware of.

sebastienlex · ‎06-11-2018

When i write : show running-config i have :

Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz

ASA Version 9.1(7)13

my luncher is : v1.8(0)

when i write : show version i have :

Cisco Adaptive Security Appliance Software Version 9.1(7)13
Device Manager Version 7.7(1)

sebastienlex · ‎06-11-2018

This is a new video explain the problem

https://drive.google.com/file/d/1Mre_CRr5vsDW3gc9DJ5eBiRKzwN3lzvw/view?usp=sharing

Thank you.

johnlloyd_13 · ‎06-11-2018

your ASA code and ASDM image should be compatible.

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#id_59423

do you have HTTP/ASDM configured on the 5505?

could you post a show run http output?

sebastienlex · ‎06-11-2018

Ok, it's not clear ...

So i decided to do a new configure

I have internet ! it's work but, it's impossible to connect to ASDM

what do you think about that ?

ciscoasa(config)# configure factory-default 192.168.2.5 255.255.255.0

Based on the inside IP address and mask, the DHCP address
pool size is reduced to 246 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: interface Ethernet 0/0
Executing command: switchport access vlan 2
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/1
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/2
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/3
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/4
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/5
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/6
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface Ethernet 0/7
Executing command: switchport access vlan 1
Executing command: no shutdown
Executing command: exit
Executing command: interface vlan2
Executing command: nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command: no shutdown
Executing command: ip address dhcp setroute
Executing command: exit
Executing command: interface vlan1
Executing command: nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command: ip address 192.168.2.5 255.255.255.0
Executing command: security-level 100
Executing command: allow-ssc-mgmt
ERROR: SSC card is not available
Executing command: no shutdown
Executing command: exit
Executing command: object network obj_any
Executing command: subnet 0.0.0.0 0.0.0.0
Executing command: nat (inside,outside) dynamic interface
Executing command: exit
Executing command: http server enable
Executing command: http 192.168.2.0 255.255.255.0 inside
Executing command: dhcpd address 192.168.2.9-192.168.2.254 inside
Executing command: dhcpd auto_config outside
Executing command: dhcpd enable inside
Executing command: logging asdm informational
Factory-default configuration is completed
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# ssh 192.168.2.0 255.255.255.0 inside
ciscoasa(config)# ssh 192.168.1.0 255.255.255.0 outside
ciscoasa(config)# http 192.168.1.0 255.255.255.0 outside
ciscoasa(config)# route
ERROR: % Incomplete command
ciscoasa(config)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
 * - candidate default, U - per-user static route, o - ODR
 P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C 192.168.1.0 255.255.255.0 is directly connected, outside
C 192.168.2.0 255.255.255.0 is directly connected, inside
d* 0.0.0.0 0.0.0.0 [1/0] via 192.168.1.1, outside

Florin Barhala · ‎06-12-2018

If you can SSH just add
http 192.168.2.0 255.255.255.0 inside

The reason you can't ASDM from outside most probably reside to your ISP or the equipment that offers you Internet NOT NATTING 443 toward ASA outside IP.