06-28-2021 06:31 AM
I am no longer able to access ASDM. I have version 7.33. I have the IP in the Java exception list and the security level is set to medium. If I try to open ASDM from a browser I get a 404 error
The first message I get is ASDM will start up using Java Web Start. For ASDM 7.3(1) and later, you will be prompted to follow the wizard to create a self-sign certificate.
Then I get an error Unable to launch the application.
I have tried with Java version 7 update 80
The Java error I get it this.
java.io.FileNotFoundException: https://172.16.10.100/admin/public/cert.jnlp
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
06-28-2021 06:44 AM
from the cli could you post the output from the following commands
show run ssl
show crypto ca certificate
06-28-2021 06:53 AM
Alex-ASA# sh run ssl
Alex-ASA#
Alex-ASA# sh crypto ca certif
Alex-ASA# sh crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 6ecc7aa5a7032009b8cebcf4e952d491
Certificate Usage: General Purpose
Public Key Type: RSA (2048 bits)
Issuer Name:
cn=VeriSign Class 3 Public Primary Certification Authority - G5
ou=(c) 2006 VeriSign\, Inc. - For authorized use only
ou=VeriSign Trust Network
o=VeriSign\, Inc.
c=US
Subject Name:
cn=VeriSign Class 3 Secure Server CA - G3
ou=Terms of use at https://www.verisign.com/rpa (c)10
ou=VeriSign Trust Network
o=VeriSign\, Inc.
c=US
OCSP AIA:
URL: http://ocsp.verisign.com
CRL Distribution Points:
[1] http://crl.verisign.com/pca3-g5.crl
Validity Date:
start date: 19:00:00 EST Feb 7 2010
end date: 18:59:59 EST Feb 7 2020
Associated Trustpoints: _SmartCallHome_ServerCA
06-28-2021 09:23 AM
Since you are running a very old version of ASDM (7.3) it could easily be that your OS is blocking SSLv3/TLSv1.0/TLSv1.1, since TLS1.0 and 1.1 are EoL since April 2021 (SSL was EoL even before).
I know that Java introduced EoL of these protocols too since 1.8.0_291.
BR,
Milos
06-28-2021 01:54 PM
Could you please provide the output of the following aswell,
show run http
show run asdm
show asp table socket
Also you are missing the command,
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
06-29-2021 01:49 PM
Alex-ASA# sh run http
http server enable
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 Outside
http 0.0.0.0 0.0.0.0 Inside
http 0.0.0.0 0.0.0.0 Temp
Alex-ASA# sh run asdm
asdm image disk0:/asdm-7161.bin
asdm history enable
Alex-ASA# show asp table socket
Protocol Socket State Local Address Foreign Address
SSL 00003688 LISTEN 192.168.1.1:443 0.0.0.0:*
SSL 00005648 LISTEN 50.242.252.131:443 0.0.0.0:*
SSL 00006e78 LISTEN 172.16.128.2:443 0.0.0.0:*
SSL 00008778 LISTEN 172.16.10.100:443 0.0.0.0:*
TCP 0000bfe8 LISTEN 172.16.128.2:23 0.0.0.0:*
TCP 0000d428 LISTEN 50.242.252.131:22 0.0.0.0:*
TCP 0000e6d8 LISTEN 172.16.128.2:22 0.0.0.0:*
06-30-2021 02:18 AM
did you add the command ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 ?
06-30-2021 06:11 AM
I did..
07-05-2021 11:26 PM
Have you tried generating a new certificate and binding that trustpoint to ssl on the outside interface?
07-06-2021 06:26 AM
I have.. I have three ASA's that are all having the same problem. I found a 4th that actually works and going to use that one to send to my customer but I still need to get these other ones working somehow.
07-06-2021 11:23 AM
Your old ASDM is only offering TLS 1.0 in its server hello handshake. Please upgrade to a current ASDM release and it will then support TLS 1.2 and you should be able to connect from your client PCs.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide