I have been working with ASAs for about 8 months now. I have a 5520 that is brand new out of the box and a 5510 that I blew up last week (read as format disk, start from scratch).
I have generated RSA keys, loaded license keys, loaded IOSes and configs in the last few days. Luckily these boxes are table top at the moment and have nothing to do with production. However, I have tried to load production configurations on to these boxes, and have determined that not all the lines of the configs will load.
To be specific at the moment, I am unable to load "asdm location 192.168.50.0 255.255.255.0 inside" on either box. I am also unable to use my browser and HTTPS://192.168.50.1 to access the ASA, even though I have HTTP server enabled and HTTP 192.168.50.0 listed in the config.
Because I blew up one of the boxes and started from scratch and the other box is brand new, is/are there any other special things that need to be done to these boxes? Like I could put in some of the "crypto" config lines in the boxes until I did the license keys, once they were in, I could configure the crypto lines.
I am open to any suggestions at this point as I can't currently get the VPNs to come up (different issue here) nor see what's going on with the VPNs without ASDM.
Please configure the ASDM-permitted subnets as follows:
and make sure that you have overlapping ciphers between the client and the ASA:
show run ssl
if it persists, get the SSL captures at the ASA as .pcap
hope this helps
Do you mean SSL or SSH????
I do a search in my config and don't see SSL. I have compared to my production unit and also do not see SSL in the config.
I do have ssh IP lines in my config.
ssh 192.168.50.0 255.255.255.0 inside.
Any other suggestions?
For your ASDM access to work, you should enable strong encryption protocols for SSL, which is disabled by default. So, as Mashal said, you'd have to add this from global config mode:
I have added the line ssl encryption aes256......
Should I be able to see this line in the config now?
Attempted to open asdm from my desktop application, I put in the correct ip address and username and password and get this error message: unable to launch device manager from ip.
I have had this error the entire time.
Do you use webvpn on the same ASA interface which you connect to for ASDM access?
Do you fail when accessing from browser?
Do you have an SSL certificate ready on the ASA?
Please share your config, client OS and Java version.
hope this helps
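
The checks raised in this thread (HTTP server enabled, the client inside an ASDM-permitted subnet, a cipher the client can share) can be run against a saved running config. This is an added example, not from any poster; the sample config, the function name and the strong-cipher set are assumptions.

```python
import ipaddress
import re

# Constructed sample of "show running-config" output (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 192.168.50.1 255.255.255.0
http server enable
http 192.168.50.0 255.255.255.0 inside
ssh 192.168.50.0 255.255.255.0 inside
ssl encryption des-sha1
"""

# Assumption: cipher names as accepted by the older "ssl encryption" command.
STRONG_CIPHERS = {"3des-sha1", "aes128-sha1", "aes256-sha1"}
HTTP_PERMIT = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_asdm_access(config, client_ip, interface="inside"):
    """Return findings to investigate when ASDM/HTTPS from client_ip fails."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    # 1. The HTTPS server that ASDM talks to must be enabled.
    if not any(line.startswith("http server enable") for line in lines):
        findings.append("http server is not enabled")
    # 2. The client must fall inside an "http <net> <mask> <interface>" permit.
    client = ipaddress.ip_address(client_ip)
    permitted = False
    for line in lines:
        m = HTTP_PERMIT.fullmatch(line)
        if m and m.group(3) == interface:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permitted = permitted or client in net
    if not permitted:
        findings.append(f"no http permit covers {client_ip} on {interface}")
    # 3. At least one 3DES/AES cipher should be offered for the TLS handshake.
    ssl = [line.split()[2:] for line in lines if line.startswith("ssl encryption ")]
    if not ssl:
        findings.append("no ssl encryption line in the running config")
    elif not STRONG_CIPHERS & set(ssl[-1]):
        findings.append("ssl encryption offers no 3DES/AES cipher")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG, "192.168.50.20"):
        print("CHECK:", finding)
```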