11-14-2008 01:29 PM - edited 03-11-2019 07:13 AM
i've just upgraded to asa 8.0 and ASDM6. Everything seems to be working fine except the ADSM. Any thoughts?
myasa01# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
myasa01# sh running-config management-access
management-access inside
myasa01# sh running-config asdm
asdm image disk0:/asdm-61551.bin
asdm history enable
myasa01# sh running-config http
http server enable
http 10.10.14.6 255.255.255.255 inside
myasa01# sh running-config access-group
access-group OutsideAllowedIn in interface outside
myasa01# dir flash:
Directory of disk0:/
115 -rwx 21986 18:35:08 Nov 12 2008 running-config.2008111201.cfg
117 -rwx 8294400 08:05:00 Dec 12 2006 asa721-25-k8.bin
118 -rwx 5539756 08:06:50 Dec 12 2006 asdm521.bin
119 -rwx 14137344 19:23:44 Nov 12 2008 asa804-k8.bin
121 -rwx 415956 10:34:02 Apr 10 2008 sslclient-win-1.1.4.176.pkg
123 -rwx 7605252 19:06:34 Nov 12 2008 asdm-61551.bin
124 -rwx 2154944 19:28:58 Nov 12 2008 anyconnect-win-2.2.0140-k9.pkg
###log entries###
Nov 14 2008 13:10:26 myasa01 : %ASA-3-710003: TCP access denied by ACL from 10.10.14.6/45666 to inside:10.10.14.2/443
Nov 14 2008 13:10:26 myasa01 : %ASA-7-710005: TCP request discarded from 10.10.14.6/45666 to inside:10.10.14.2/443
##Tracker results###
myasa01# packet-tracer input inside tcp 10.10.14.6 45663 10.10.14.2 443 detail
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc89b2570, priority=1, domain=permit, deny=false
hits=1132251, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.10.14.2 255.255.255.255 identity
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.10.14.0 255.255.255.0 inside
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xc89b27e0, priority=0, domain=permit, deny=true
hits=3515, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Solved! Go to Solution.
11-15-2008 04:45 AM
Hello,
I suggest,
1) Try reloading the device,
2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.
3)Make sure no SSLvpn is configured on this interface
4)Try using an identical ASDM image version like 6.0(x)
Regards
11-16-2008 11:01 AM
Hi,
Device Manager Version 6.1(5)51 is having some issues,
The stable ASDM version for 8.0(4) was
6.0(3).
All the best.
11-15-2008 04:45 AM
Hello,
I suggest,
1) Try reloading the device,
2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.
3)Make sure no SSLvpn is configured on this interface
4)Try using an identical ASDM image version like 6.0(x)
Regards
11-16-2008 03:09 PM
Rolling back to asdm6.0(3) and reloading was the key. Simply reloading or simply changing the asdm image wouldn't do it. Also, it's worth noting for posterity that:
1) removed the asdm configuration and the http configuration (clear configure httpd, clear configure asdm)
2) reloaded the device
3) configured the asdm image, the the httpd ACL then enabled the http server.
Thanks for you quick and thorough replies. The assist goes to chaitu_kranthi.
11-16-2008 11:01 AM
Hi,
Device Manager Version 6.1(5)51 is having some issues,
The stable ASDM version for 8.0(4) was
6.0(3).
All the best.
11-16-2008 03:10 PM
asdm-603.bin worked like a champ..see my reply to husycisco. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide