cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4289
Views
0
Helpful
10
Replies

Unable to launch ASDM, and access https:// to run Asdm..

Shane Riley
Level 1
Level 1

         Hey folks, i am unable to launch ASDM, and access https:// to run Asdm..everything worked find yesterday but now for some reason it wont work?

     Any tips?

When i am trying to log in with the asdm it just hangs on the connecting to device... please wait...

When i am tryng access the https://... i get the ssl do you want to trust.. and i press proceed anyway and i get an error

Asa 5510

Device manager version 6.1

System image file is "disk0:/asa804-k8.bin

Also i am accessing the asa with ssh without any issues

See the attached image

Appreciate your help, Thanks

/Shane

10 Replies 10

Michal Garcarz
Cisco Employee
Cisco Employee

Hi Shane,

Could you send me results:

sh crypto ca certificate

sh run aaa

sh run http

sh run | i asdm

sh run | i trust-point

dir all-filesystems

Then i will be able to verify your configuration.

---

Michal

sh crypto ca certificate: nothing here

sh run aaa:

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

aaa authentication telnet console LOCAL

sh run http: (this needs to be updated) but for now its configured like this.

http server enable

http 172.19.0.45 255.255.255.255 Vlan_3

http x.x.x.x 255.255.255.255 outside

http 172.20.0.0 255.255.255.0 Vlan_5

http 192.168.1.0 255.255.255.0 management

http 130.237.108.0 255.255.255.0 inside

http 130.237.107.0 255.255.255.0 inside

http Vlan_3 255.255.255.0 inside

http 172.21.0.0 255.255.0.0 inside

http 192.168.0.0 255.255.255.0 outside

http x.x.x.x 255.255.255.255 outside

http 172.21.0.0 255.255.254.0 Vlan_7_Personal

http 172.20.0.0 255.255.255.255 Vlan_5

http 192.168.0.0 255.255.255.0 Vlan_5

http 192.168.0.0 255.255.255.255 outside

http x.x.x.x 255.255.255.255 outside

http x.x.x.x 6 255.255.255.255 outside

sh run i asdm

logging asdm informational

asdm image disk0:/asdm-61557.bin

no asdm history enable

sh run | i trust-point: nothing here

dir all-filesystems:

159    -rwx  5474304     01:04:48 Jan 01 2003  asa706-k8.bin

160    -rwx  5823980     16:51:38 May 02 2007  asdm506.bin

162    -rwx  8312832     03:06:38 Jun 20 2007  asa722-k8.bin

163    -rwx  5623108     03:15:52 Jun 20 2007  asdm522.BIN

164    -rwx  5648656     05:30:52 Jun 20 2007  asdm522-61.bin

165    -rwx  14137344    01:44:02 Mar 06 2009  asa804-k8.bin

166    -rwx  7598456     01:47:16 Mar 06 2009  asdm-615.bin

75     drwx  8192        01:08:56 Mar 06 2009  log

79     drwx  8192        01:09:08 Mar 06 2009  crypto_archive

167    drwx  8192        08:55:50 Aug 11 2011  tmp

168    -rwx  7621596     09:48:48 Apr 07 2009  asdm-61557.bin

169    -rwx  2643110     12:09:54 Apr 27 2009  anyconnect-win-2.3.0185-k9.pkg

170    -rwx  4096        14:43:24 Mar 22 2012  ._vpn.pkg

171    -rwx  3860165     15:15:18 Mar 22 2012  vpnsetup.dmg

255426560 bytes total (188039168 bytes free)

Directory of system:/

1      ----  0           01:00:00 Jan 01 1970  running-config

No space information available

Directory of cache:/

0      drw-  0           14:33:28 Nov 22 2012  stc

Thanks

Shane

Shane: you do not have certificate. ASDM uses tcp/443 with SSL session. If you will not have correct certificate connection will fail.

You can verify this using "debug http 255" and try to connect.

You can generate self-signed certificate:

ciscoasa(config)# crypto ca trustpoint TP

ciscoasa(config)# enrollment self

ciscoasa(config)# crypto ca enroll TP

ciscoasa(config)# ssl trust-point TP

---

Michal

Hey Michal.

Yeah well i did generate a new self signed certificate..but there is still problem.. Still Get an error when i allow the self signed certificate in the web browser,, The Connection was reset the connection the the server was reset while the page was loading..

/Shane

1. Could you deinstall ASDM application from PC and connect via web browser ?

2. Did you try different web browsers ?

3. If still having problems:

Could you enable debugs:

"debug http 255"

and post the results after you have tried to connect ?

---

Michal

Well i found a old configuration file so i copied it to the asa and then everything worked fine I think myabe i t hade something to do with asdm location settings?

1. "asdm location" from command reference:

Do not manually configure this command. ASDM adds

asdm location

commands to the running configuration and uses them for internal communication. This command is included in the documentation for informational purposes only.

2. Do you use the same location and asdm image file ?

3. Do you use the same PC (without ASDM removal) ?

4. You might high rare situation when just reboot was needed.

http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml

There is no magic here, if you want to find out where exactly was the problem you can send me what was different in terms of the commands i have asked before.

---

Michal

Its no difference in terms of the commands i posted before..same o same..

yeah i did use the sam asdm image file

Same PC..

The config file that i copied to the asa had  a bunch of asdm location entries.. a few more difference from the one that was running..

It dont have

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

And it didn't have some vpn and group policy entries...

Its about that, well it seems to work now so i am glad for that

Thanks

Shane



Did you reboot ASA ? Or it stareted working directly when you pasted old config ?

It's a pretty old software, we might hit some bug here.

You could reconsider upgrade to newest in tree 8.2.5 with fresh asdm version.

---

Michal

Yes i did reboot the ASA., and the plan is to upgrade soon

Thanks for your help

/Shane

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: