08-22-2013 09:42 AM - edited 03-11-2019 07:29 PM
We are having a problem loading ASDM from one of our 5510 ASAs. We have several firewalls but this is the only one giving us this problem. The ASA is running version 8.2(5) and I upgraded ASDM to version 7.13 yesterday. HTTP is configured as follows:
http server enable
http 10.10.0.0 255.255.255.0 inside
http 10.10.10.0 255.255.255.0 inside
http 10.10.20.0 255.255.255.0 inside
I have tried changing http to use a custom port with no luck.
http server enable 8443
http 10.10.0.0 255.255.255.0 inside
http 10.10.10.0 255.255.255.0 inside
http 10.10.20.0 255.255.255.0 inside
The best I have been able to determine is that this device is running WebVPN with a third party SSL certificate installed as well as site-to-site VPN to remote sites.
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: aes256-sha1
Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 aes128-sha1 null-sha1
SSL trust-points:
outside interface: ASDM_TrustPoint1
Certificate authentication is not enabled
crypto ca trustpoint ASDM_TrustPoint0
crypto ca trustpoint ASDM_TrustPoint1
crypto ca certificate chain ASDM_TrustPoint0
crypto ca certificate chain ASDM_TrustPoint1
ssl trust-point ASDM_TrustPoint1 outside
Would the third party certificate bound to the outside interface create problems or prevent us from accessing the device from the inside using ASDM?
08-23-2013 01:53 AM
What does the debugging say when you connect with ASDM?
Michael
Please rate all helpful posts
08-23-2013 02:42 AM
Would the third party certificate bound to the outside interface create problems or prevent us from accessing the device from the inside using ASDM?
No, this would not prevent you from accessing the ASDM on the inside...or the outside for that matter.
But the WebVPN would cause problems as it also uses port 443 by default.
How are you accessing the ASDM when using port 8443?
Are you running the ASDM from the ASA or downloading a standalone copy and running that?
Did you remove the old ASDM you were using and install the new 7.13 and connect with that?
What version of Java are you running?
If you are not running the latest version of Java I suggest upgrading.
08-27-2013 08:13 AM
The problem turned out to be a third party SSL certificate that did not match the IP address the device was configured for and SSL encryption being set to aes256-sha1. I was able to resolve the problem by removing those settings from SSL.
no ssl trust-point ASDM_TrustPoint1 outside
no ssl encryption aes256-sha1
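An added example, not part of the original thread and not Cisco tooling: a small Python parser for the show ssl output quoted in the question, which flags the two settings the resolution names (a single enabled cipher and the interface trust-point binding). The function names and the mgmt_interface parameter are assumptions made for this example.

```python
import re

# Constructed sample: the "show ssl" lines quoted in the question above.
SHOW_SSL = """\
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: aes256-sha1
Disabled ciphers: 3des-sha1 des-sha1 rc4-md5 rc4-sha1 aes128-sha1 null-sha1
SSL trust-points:
outside interface: ASDM_TrustPoint1
Certificate authentication is not enabled
"""

def parse_show_ssl(text):
    """Return enabled/disabled cipher lists and the interface -> trust-point map."""
    info = {"enabled": [], "disabled": [], "trustpoints": {}}
    in_trustpoints = False
    for raw in text.splitlines():
        line = raw.strip()  # real CLI output is indented
        if line.startswith("Enabled cipher order:"):
            info["enabled"] = line.split(":", 1)[1].split()
        elif line.startswith("Disabled ciphers:"):
            info["disabled"] = line.split(":", 1)[1].split()
        elif line.startswith("SSL trust-points:"):
            in_trustpoints = True
        elif in_trustpoints:
            m = re.match(r"(\S+) interface:\s*(\S+)$", line)
            if m:
                info["trustpoints"][m.group(1)] = m.group(2)
            else:
                in_trustpoints = False  # first non-matching line ends the list
    return info

def review(info, mgmt_interface="inside"):
    """List settings worth checking when a management client cannot connect."""
    notes = []
    if len(info["enabled"]) == 1:
        notes.append(f"only one cipher enabled ({info['enabled'][0]}); "
                     "a client that does not offer it cannot complete the handshake")
    for iface, tp in sorted(info["trustpoints"].items()):
        notes.append(f"{iface} presents the certificate from {tp}; "
                     "check its names against the address clients use")
    if mgmt_interface not in info["trustpoints"]:
        notes.append(f"{mgmt_interface} has no trust-point bound")
    return notes

if __name__ == "__main__":
    for note in review(parse_show_ssl(SHOW_SSL)):
        print("-", note)
```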