01-18-2013 03:51 AM - edited 03-11-2019 05:48 PM
Hey folks, i am unable to launch ASDM, and access https:// to run Asdm..everything worked find yesterday but now for some reason it wont work?
Any tips?
When i am trying to log in with the asdm it just hangs on the connecting to device... please wait...
When i am tryng access the https://... i get the ssl do you want to trust.. and i press proceed anyway and i get an error
Asa 5510
Device manager version 6.1
System image file is "disk0:/asa804-k8.bin
Also i am accessing the asa with ssh without any issues
See the attached image
Appreciate your help, Thanks
/Shane
01-18-2013 04:10 AM
Hi Shane,
Could you send me results:
sh crypto ca certificate
sh run aaa
sh run http
sh run | i asdm
sh run | i trust-point
dir all-filesystems
Then i will be able to verify your configuration.
---
Michal
01-18-2013 04:55 AM
sh crypto ca certificate: nothing here
sh run aaa:
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
sh run http: (this needs to be updated) but for now its configured like this.
http server enable
http 172.19.0.45 255.255.255.255 Vlan_3
http x.x.x.x 255.255.255.255 outside
http 172.20.0.0 255.255.255.0 Vlan_5
http 192.168.1.0 255.255.255.0 management
http 130.237.108.0 255.255.255.0 inside
http 130.237.107.0 255.255.255.0 inside
http Vlan_3 255.255.255.0 inside
http 172.21.0.0 255.255.0.0 inside
http 192.168.0.0 255.255.255.0 outside
http x.x.x.x 255.255.255.255 outside
http 172.21.0.0 255.255.254.0 Vlan_7_Personal
http 172.20.0.0 255.255.255.255 Vlan_5
http 192.168.0.0 255.255.255.0 Vlan_5
http 192.168.0.0 255.255.255.255 outside
http x.x.x.x 255.255.255.255 outside
http x.x.x.x 6 255.255.255.255 outside
sh run i asdm
logging asdm informational
asdm image disk0:/asdm-61557.bin
no asdm history enable
sh run | i trust-point: nothing here
dir all-filesystems:
159 -rwx 5474304 01:04:48 Jan 01 2003 asa706-k8.bin
160 -rwx 5823980 16:51:38 May 02 2007 asdm506.bin
162 -rwx 8312832 03:06:38 Jun 20 2007 asa722-k8.bin
163 -rwx 5623108 03:15:52 Jun 20 2007 asdm522.BIN
164 -rwx 5648656 05:30:52 Jun 20 2007 asdm522-61.bin
165 -rwx 14137344 01:44:02 Mar 06 2009 asa804-k8.bin
166 -rwx 7598456 01:47:16 Mar 06 2009 asdm-615.bin
75 drwx 8192 01:08:56 Mar 06 2009 log
79 drwx 8192 01:09:08 Mar 06 2009 crypto_archive
167 drwx 8192 08:55:50 Aug 11 2011 tmp
168 -rwx 7621596 09:48:48 Apr 07 2009 asdm-61557.bin
169 -rwx 2643110 12:09:54 Apr 27 2009 anyconnect-win-2.3.0185-k9.pkg
170 -rwx 4096 14:43:24 Mar 22 2012 ._vpn.pkg
171 -rwx 3860165 15:15:18 Mar 22 2012 vpnsetup.dmg
255426560 bytes total (188039168 bytes free)
Directory of system:/
1 ---- 0 01:00:00 Jan 01 1970 running-config
No space information available
Directory of cache:/
0 drw- 0 14:33:28 Nov 22 2012 stc
Thanks
Shane
01-18-2013 06:16 AM
Shane: you do not have certificate. ASDM uses tcp/443 with SSL session. If you will not have correct certificate connection will fail.
You can verify this using "debug http 255" and try to connect.
You can generate self-signed certificate:
ciscoasa(config)# crypto ca trustpoint TP
ciscoasa(config)# enrollment self
ciscoasa(config)# crypto ca enroll TP
ciscoasa(config)# ssl trust-point TP
---
Michal
01-18-2013 06:44 AM
Hey Michal.
Yeah well i did generate a new self signed certificate..but there is still problem.. Still Get an error when i allow the self signed certificate in the web browser,, The Connection was reset the connection the the server was reset while the page was loading..
/Shane
01-18-2013 07:24 AM
1. Could you deinstall ASDM application from PC and connect via web browser ?
2. Did you try different web browsers ?
3. If still having problems:
Could you enable debugs:
"debug http 255"
and post the results after you have tried to connect ?
---
Michal
01-18-2013 12:20 PM
Well i found a old configuration file so i copied it to the asa and then everything worked fine I think myabe i t hade something to do with asdm location settings?
01-18-2013 11:46 PM
1. "asdm location" from command reference:
Do not manually configure this command. ASDM adds
asdm location
commands to the running configuration and uses them for internal communication. This command is included in the documentation for informational purposes only.
2. Do you use the same location and asdm image file ?
3. Do you use the same PC (without ASDM removal) ?
4. You might high rare situation when just reboot was needed.
http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml
There is no magic here, if you want to find out where exactly was the problem you can send me what was different in terms of the commands i have asked before.
---
Michal
01-19-2013 01:17 AM
Its no difference in terms of the commands i posted before..same o same..
yeah i did use the sam asdm image file
Same PC..
The config file that i copied to the asa had a bunch of asdm location entries.. a few more difference from the one that was running..
It dont have
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
And it didn't have some vpn and group policy entries...
Its about that, well it seems to work now so i am glad for that
Thanks
Shane
01-19-2013 01:42 AM
Did you reboot ASA ? Or it stareted working directly when you pasted old config ?
It's a pretty old software, we might hit some bug here.
You could reconsider upgrade to newest in tree 8.2.5 with fresh asdm version.
---
Michal
01-19-2013 01:47 AM
Yes i did reboot the ASA., and the plan is to upgrade soon
Thanks for your help
/Shane
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide