Management access (ASDM/console) to FWSM through the outside interface (Sec level 0)

Siju S
Level 1

Why am I not able to have admin access (ASDM/console) on FWSM through the outside interface (Sec level 0)?

16 Replies

Anu M Chacko
Cisco Employee

Hi,

Is the FWSM in multiple context? Have you allowed your network to have asdm access to the outside? Could you post the "sh run" here?

Regards,

Anu

It's not in multi-context.

Access has been enabled, but I am still not able to connect from the outside interface or routed VLANs; however, I am able to access from all inside interfaces (higher sec level).

http server enable
http 10.0.X.0 255.255.255.0 outside
management-access outside
asdm location 10.0.x.x 255.255.255.255 outside

Hi Kauser,

The IP you're using is a private IP. I would expect to see a public IP subnet in those commands, since you're trying to connect to the outside interface from an outside network.

Hope this helps!

Regards,

Anu

The outside and inside interfaces are virtual interfaces separating private VLANs in a core switch hosting servers.

Basically, I am not able to get admin access from the security level 0 interface. I need to find out whether there is any way to achieve this.

varrao
Level 10

Hi Kausar,

Can you provide the configuration that you have done for admin access on outside, along with the running-config?

Varun

Thanks,
Varun Rao

Hi Kauser,

The location from which you are testing needs to be connected to the outside interface. I am not sure, but it seems that you are trying to connect from a PC which is on the inside interface; you would not be able to access the ASDM from a remote interface. You can ASDM into the firewall from the internet, for which the request would fall on the outside interface. In your case, I guess the request is coming on the inside interface, for ASDM on outside, which is not correct.

Thanks,

Varun

Thanks,
Varun Rao

The outside and inside interfaces are virtual interfaces separating private VLANs in a core switch hosting servers.

Basically, I am not able to get admin access from the security level 0 interface. I need to find out whether there is any way to achieve this.

Hi Kauser,

Could you post the output of "show run int" from the FWSM here? Also, is the FWSM running in multiple context?

Regards,

Anu

Firewall/6# sh run int
!
interface Vlan5
 nameif DMZ5
 security-level 50
 ip address 10.X.X.X 255.255.255.0
!
interface Vlan6
 nameif DMZ6
 security-level 50
 ip address 10.X.X.X 255.255.255.0
!
interface Vlan7
 nameif DMZ7
 security-level 50
 ip address 10.X.X.X 255.255.255.0
!
.
.
.
.
interface Vlan100
 nameif outside
 security-level 0
 ip address 10.X.X.X 255.255.255.252
!
interface Vlan101
 description LAN Failover Interface
!.
interface Vlan102
 nameif inside
 security-level 100
 ip address 10.X.X.X 255.255.255.0

Hi Kauser,

Is NAT enabled on the firewall? How does the world see the outside IP? What is the next hop for this firewall(def route)? It would be great if you can post the output of "sh run" here.

Regards,

Anu

Dear,

This is an FWSM module with a default route to the Core Sw MSFC; the outside IP can be reached from any access VLAN in the core sw.

Hi Kauser,

What is the IP address of the host from where you're trying to reach the FWSM outside interface? Give me an example.

Regards,

Anu

Siju S
Level 1

Is anybody experiencing the same difficulty? Is there any workaround?

Hello Kausar,

First of all, let's take out all the ASDM configuration (just in case the ASDM daemon got stuck):

no http server enable
no http 10.0.X.0 255.255.255.0 outside

Now can you add the following command just to test the connection?

http server enable
http 0 0 outside

If this does not work, I would like to see the debug for the HTTP protocol:

Debug http

Please provide the output of the debug.

Regards,

Please rate helpful posts!!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC