FPR1010 running asa software. ASDM not authenticating from outside. - Page 2

troyb · ‎01-29-2025

Has anyone ran into the issue whereby you can use the ASDM on an FPR1010 running asa software from the inside LAN and it works fine, but from outside, it connects but you get a password error? I see this on two different FPR units.

I could understand if it was just not connecting as this would be an issue with the device not setup for remote management. But it is setup and it does connect and it comes back with login failed. Enter username and password.

Units are current on their firmware.

Best,

-Troyb

troyb · ‎02-28-2025

Hello sSiDiUSs,

the Anyconnect secure client service and ASDM are not impacting each other. We have 40+ of the ASAs deployed and 10 FPR1010 units deployed. None have needed the ports changed to use ASDM and Anyconnect. This appears to be a bug in the firmware/ASDM image as inverting the setting for local authentication on the impacted units resolves the issue. The ASDM is using local authentication accounts and the Anyconnect is using radius/LDAP and Duo 2fa authentication. Having the Local authentication set on on these impacted units causes a password error (invalid password from local database) yet if you disable local authentication for the impacted units, Local authentication works for ASDM. Either setting does not impact the Anyconnect service.

However we do have one FPR1010 that is running a version that is between the older ones that work and the ones that have this bug that gets password errors from the local database when enabled and flat out will not connect at all if disabled (Gets connection timed out/No response). So will be upgrading this one unit to the current version which the others are running and verify. If all works with the inverted settings, then will open a bug case with TAC as I will have all the data needed to reproduce.

Thank you for your response.

Best,

-Troy