05-19-2015 08:26 AM - edited 03-11-2019 10:57 PM
Hi
I used to use this feature a lot, which was good to test firewall rules and prove to clients the rule was actually working.
Yet after upgrading to a newer FW (ASA 5545) a few weeks ago, this feature has stopped working. I have attached a picture of the error message I get no matter what combination of tests I try.
Any ideas or advice on how to fix it? The ASA version is 9.1(1) and the ASDM version is 7.3(1).
Kind regards,
Mark
05-19-2015 08:49 AM
The syntax that the ASDM tries to send to the ASA is wrong (inline tags are from 0 to 64k). So my first advice would be to upgrade the ASDM. And your ASA version is also very old. Also consider upgrading that to 9.1(6).
05-19-2015 09:51 AM
Thanks for replying. Is there a way I can run the same command from telnet/SSH if that is the problem or will the output not work in the command line?
Regarding upgrading the ASDM, it is very difficult to arrange downtime to reboot it. Or if it is in a failover pair, which we just did, is there a way to connect to each remotely and upgrade them both without causing disruption, making one Primary and the other Active whilst I upgrade them?
05-19-2015 10:43 AM
1) You can run it from the command-line. Just skip the "inline-tag X" as that is typically not needed.
2) Upgrading the ASDM causes no downtime at all. Just upload the ASDM to both units and set the ASDM-image on the active one. Restart ASDM and you are done.
3) Even ASA-update is possible without downtime if you are using failover:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#73860
05-21-2015 01:34 AM
Thanks again, really helpful.