cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

246
Views
0
Helpful
6
Replies
Highlighted
Beginner

Unable to use ASDM on 5510 and 5520 ASA

Hello,

I have been working with ASA's for about 8 months now.  I have a 5520 that is brand new out of the box and a 5510 that I blew up last week (read as format disk, start from scratch).

I have generated RSA keys, loaded license keys, loaded IOS's and configs in the last few days.  Luckily these boxes are table top at the moment and nothingto do with production.  However, I have tried to load production configurations on to these boxes, and have determined that not all the lines of the configs will load.

To be specific at the moment, I am unable to load "asdm location 192.168.50.0 255.255.255.0 inside" on either box.  I am also unable to use my broswer and HTTPS://192.168.50.1              to access the ASA, even though I have HTTP serve enabled and HTTP 192.168.50.0 listed in the config.

Because I blew up one of the boxes and started from scratch and the other box is brand new, is/are there any other special things that need to be done to these boxes?  Like I could put in some of the "crypto" config lines in the boxes until I did the license keys, once they were lin, I could configure the crypto lines.

I am open to any suggestions as this point as I can't current get the VPN's to come up (different issue here) nor see what's going on with the VPN's without ASDM.

Thank you!

Tracey

6 REPLIES 6
Highlighted
Beginner

Hi,

please configure the ASDM-permitted subnets as following:

http

and make sure that you have overlapping ciphers between the client and the ASA:

show run ssl

ssl encryption

if it persists, get the SSL captures at the ASA as .pcap

hope this helps

------------------
Mashal Alshboul

------------------ Mashal Shboul
Highlighted

Http lines are in the config.

I have confirmed that the asdm.bin is on disk0.

Will confirm that there is the ssl line.  More to come later.

Highlighted

Do you mean SSL or SSH????

I do a search in my config and don't see SSL.  I have compared to my production unit and also do not see SSL in the config.

I do have ssh IP lines in my config.

ssh 192.168.50.0 255.255.255.0 inside.

Any other suggestions?

Highlighted

For you asdm access to work, you should enable strong encryption protocols for ssl, wich is disables by default. So, as Mashal said, you'd have to add this from global config mode:

ssl-encryption aes/3des

Highlighted

I have added the line ssl encryption aes256......

Should I be able to see this line in the config now?

Attempted to open asdm from my desktop application, I put in the correct ip address and username and password and get this error message: unable to launch device manager from ip.

I have had this error the entire time.

Highlighted

do you use webvpn on the same ASA interface which you connect to for ASDM access ?

do you fail when accessing from browser ?

do you have an SSL certificate ready on the ASA ?

please share your config, client OS and Java version.

hope this helps

------------------
Mashal Alshboul

------------------ Mashal Shboul
Content for Community-Ad