01-22-2015 05:04 AM - edited 03-11-2019 10:22 PM
Hey guys,
I am unable to access cisco asa device using https and cannot lunch asdm, after recent power failure at our location. I have asdm installed on my machine and whenever i try to access the asdm, receive Error: unable to lunch device manager from X.X.X.X The following is log from java console
Trying for ASDM version file; url = https://x.x.x.x/admin/
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
When i try to access it from the browser it show error message
"The connection was interrupted"
I am running CISCO ASA 8.3 (1)
with asdm image as asdm 7.1.3
JAVA version installed Java 7 update 71
I have added the https:> to exception site list and set security level to medium,
even ssh access is not working !!
I would appreciate if anyone can help me out!!
Thanks
Fareed
Solved! Go to Solution.
01-22-2015 07:34 AM
Can you establish a console session? If so, try generating a new crypto key. The key may have been corrupted.
You can verify this first if you can have console access while you also try SSH. You will see a log message similar to "cannot fetch RSA key"
ciscoasa# show log
To generate a new key...
ciscoasa# conf t
crypto key gen rsa mod 2048
01-22-2015 07:34 AM
Can you establish a console session? If so, try generating a new crypto key. The key may have been corrupted.
You can verify this first if you can have console access while you also try SSH. You will see a log message similar to "cannot fetch RSA key"
ciscoasa# show log
To generate a new key...
ciscoasa# conf t
crypto key gen rsa mod 2048
01-25-2015 10:38 PM
Hey lcaruso,
thanks for information!!
i was able to connection through console as suggested and regenerated the rsa key .. was able to connection through ssh, but the issue with the asdm or web access was not resolved.
I have tried few of the steps as suggested on
https://supportforums.cisco.com/document/49741/asa-pixfwsm-unable-manage-unit-sshtelnetasdm#collect_captures
capture output
ZHHFP-FIREWALL1(config)# sh cap capin
139 packets captured
1: 18:50:17.654720 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: S 2567327150:2567327150(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
2: 18:50:17.654812 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: S 590825877:590825877(0) ack 2567327151 win 8192 <mss 1380>
3: 18:50:17.655621 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825878 win 65520
4: 18:50:17.656078 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: P 2567327151:2567327332(181) ack 590825878 win 65520
5: 18:50:17.656139 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327332 win 8192
6: 18:50:17.656475 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: FP 590825878:590825878(0) ack 2567327332 win 8192
7: 18:50:17.657696 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825879 win 65520
8: 18:50:17.657802 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: F 2567327332:2567327332(0) ack 590825879 win 65520
9: 18:50:17.657848 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327333 win 8192
10: 18:50:17.658108 802.1Q vlan#1 P0 192.168.160.113.58085 > 192.168.160.126.8
443: S 1351758892:1351758892(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
also i have downgraded the java to 1.6_45 but still not luck.
error message i received on java console
Any help would be highly appreciated!!
Thanks
Fareed
01-22-2015 07:39 AM
After a power failure, doesn't hurt to run a file system check...
ciscoasa# fsck disk0:
Lost clusters are collected into *.REC files in flash
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide