Unable to access Cisco ASA via HTTPS or ASDM!! Connection interrupted message appears on the browser

Hey guys,

 

I am unable to access the Cisco ASA device using HTTPS and cannot launch ASDM after a recent power failure at our location. I have ASDM installed on my machine, and whenever I try to access ASDM I receive "Error: unable to launch device manager from X.X.X.X". The following is the log from the Java console:

 

Trying for ASDM version file; url = https://x.x.x.x/admin/

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

 

When I try to access it from the browser, it shows the error message

 

"The connection was interrupted"

 

I am running Cisco ASA 8.3 (1) with the ASDM image as ASDM 7.1.3.

Java version installed: Java 7 Update 71

I have added the https:> to the exception site list and set the security level to medium.

Even SSH access is not working!!

I would appreciate it if anyone can help me out!!

 

Thanks

Fareed

 

 

1 Accepted Solution

lcaruso
Level 6

Can you establish a console session? If so, try generating a new crypto key. The key may have been corrupted.

You can verify this first if you can have console access while you also try SSH. You will see a log message similar to "cannot fetch RSA key".

ciscoasa# show log 

 

To generate a new key...

 

ciscoasa# conf t

crypto key gen rsa mod 2048

 

 

Hey lcaruso,

 

Thanks for the information!!

I was able to connect through the console as suggested and regenerated the RSA key. I was able to connect through SSH, but the issue with ASDM or web access was not resolved.

I have tried a few of the steps suggested at

https://supportforums.cisco.com/document/49741/asa-pixfwsm-unable-manage-unit-sshtelnetasdm#collect_captures

Capture output:

ZHHFP-FIREWALL1(config)# sh cap capin

139 packets captured

   1: 18:50:17.654720 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: S 2567327150:2567327150(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>

   2: 18:50:17.654812 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: S 590825877:590825877(0) ack 2567327151 win 8192 <mss 1380>
   3: 18:50:17.655621 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825878 win 65520
   4: 18:50:17.656078 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: P 2567327151:2567327332(181) ack 590825878 win 65520
   5: 18:50:17.656139 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327332 win 8192
   6: 18:50:17.656475 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: FP 590825878:590825878(0) ack 2567327332 win 8192
   7: 18:50:17.657696 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825879 win 65520
   8: 18:50:17.657802 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: F 2567327332:2567327332(0) ack 590825879 win 65520
   9: 18:50:17.657848 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327333 win 8192
  10: 18:50:17.658108 802.1Q vlan#1 P0 192.168.160.113.58085 > 192.168.160.126.8
443: S 1351758892:1351758892(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>

 

Also, I have downgraded Java to 1.6_45, but still no luck.

Error message I received on the Java console:

Trying for IDM. url=https://x.x.x.x/idm/idm.jnlp/
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.cisco.launcher.w.a(Unknown Source)
at com.cisco.launcher.s.for(Unknown Source)
at com.cisco.launcher.s.new(Unknown Source)
at com.cisco.launcher.s.access$000(Unknown Source)
at com.cisco.launcher.s$2.a(Unknown Source)
at com.cisco.launcher.g$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 15 more

 

Any help would be highly appreciated!!

 

Thanks

Fareed 
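Read packet by packet, the capture in the post above shows the TCP handshake completing, the client sending 181 bytes, and the ASA replying with a FIN without ever sending payload, which is what the Java console reports as "Remote host closed connection during handshake". The Python sketch below is an added example, not part of the original posts or any Cisco tool; it re-joins the wrapped `show capture` lines and flags that pattern, and the names `unwrap` and `early_server_close` are hypothetical.

```python
import re

# Packets 1-6 of the capture posted above, embedded as sample input and kept
# with the console's 80-column wrapping so the re-joining step is exercised.
SAMPLE = """\
   1: 18:50:17.654720 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: S 2567327150:2567327150(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
   2: 18:50:17.654812 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: S 590825877:590825877(0) ack 2567327151 win 8192 <mss 1380>
   3: 18:50:17.655621 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825878 win 65520
   4: 18:50:17.656078 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: P 2567327151:2567327332(181) ack 590825878 win 65520
   5: 18:50:17.656139 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327332 win 8192
   6: 18:50:17.656475 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: FP 590825878:590825878(0) ack 2567327332 win 8192
"""

PKT = re.compile(r"\s*\d+: \S+ (?:802\.1Q vlan#\d+ P\d+ )?"
                 r"(\S+) > (\S+): ([SFPR.]+)(?: \d+:\d+\((\d+)\))?")

def unwrap(text):
    """Re-join wrapped packets; a new packet starts with 'N: hh:'."""
    out = []
    for line in text.splitlines():
        if re.match(r"\s*\d+: \d\d:", line):
            out.append(line)
        elif out and line.strip():
            out[-1] += line
    return out

def early_server_close(text):
    """Flows where the server sent FIN/RST without sending any payload after client data."""
    client_of, sent, flagged = {}, {}, {}
    for line in unwrap(text):
        m = PKT.match(line)
        if not m:
            continue
        src, dst, flags = m.group(1, 2, 3)
        flow = frozenset((src, dst))
        if flags == "S" and " ack " not in line:
            client_of[flow] = src  # bare SYN: the sender is the client
        sent[src, dst] = sent.get((src, dst), 0) + int(m.group(4) or 0)
        client = client_of.get(flow)
        if (client and src != client and set(flags) & {"F", "R"}
                and sent.get((client, src), 0) > 0 and sent[src, client] == 0):
            flagged.setdefault(flow, (client, src, sent[client, src]))
    return list(flagged.values())
```

Each returned tuple is (client endpoint, server endpoint, bytes the client had sent before the close); an empty list means every server-side close came after the server had sent data.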

 

 

 

lcaruso
Level 6

After a power failure, doesn't hurt to run a file system check...

 

ciscoasa# fsck disk0:

 

Lost clusters are collected into *.REC files in flash
