10-11-2006 06:13 AM - edited 03-09-2019 04:29 PM
I think my configuration is correct, but ASDM can't open. My PC has IE 6.0 and Java is installed. Ping to the inside interface is OK. When I use the Cisco ASDM Launcher it displays: "remote host closed connection during handshake". I use IE 6.0 to connect to https://155.222.2.109. I can open the ASDM of another firewall, on the FWSM, so I think my PC meets the system requirements!
cisco# sh ver
Cisco PIX Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)
Compiled on Wed 31-May-06 14:45 by root
System image file is "flash:/pix721.bin"
Config file at boot was "startup-config"
cisco up 29 secs
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC (IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5)
0: Ext: Ethernet0 : address is 0006.287c.dc33, irq 10
1: Ext: Ethernet1 : address is 0006.287c.dc34, irq 11
2: Ext: Ethernet2 : address is 00b4.0080.d29c, irq 5
3: Ext: Ethernet3 : address is 00d0.b784.8d35, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Disabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 405261952
Running Activation Key: 0x052a9ab5 0xbe9db24e 0x28cedada 0xf11f8236
Configuration has not been modified since last system restart.
cisco# sh run
: Saved
:
PIX Version 7.2(1)
!
hostname cisco
domain-name cisco.com
enable password xxx
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 11.0.x.x.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 155.222.x.x.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
passwd xxx
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
access-list test extended permit ip any any
access-list icmp extended permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
asdm image flash:/asdm-521.bin
no asdm history enable
arp timeout 14400
access-group icmp in interface outside
route inside 155.0.0.0 255.0.0.0 155.222.2.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 155.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 155.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
10-16-2006 08:56 AM
Assuming your IE and Java met the requirements (can access FWSM web gui), then do a quick check on your self-cert, as it might be corrupted.
1. View the cert: sh ca mypubkey rsa
2. Clear the rsa key: ca zeroize rsa
3. Generate new key: ca generate rsa key 1024
The 1024 is only a modulus value; you can assign a different number here.
4. Check the new key: sh ca mypubkey rsa
Optional:
5. Create user ID/account using "username
Try to access ASDM again. If you do not have any user account, leave the username empty and enter 'cisco' in the password field. Or, if you configured a user ID, key in the username and password.
HTH
AK
10-16-2006 04:35 PM
Hi,
I found the problem, take a look below:
VPN-DES : Disabled
VPN-3DES-AES : Disabled
Encryption must be enabled for you to generate the rsa key.
The ASDM must connect using an encrypted connection. That connection is facilitated by the rsa key.
DES & 3DES licenses are now free. Simply forward the show ver to: licensing@cisco.com and request that they enable 3des for you.
Enter the new activation key
"activation-key
After that do
"crypto key generate rsa"
Then do
"write mem"
Then try connecting with the ASDM
Franco Zamora
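A preflight check for the condition diagnosed in the last reply, as an added example that is not part of the original thread: it reads pasted "sh ver" / "sh run" text and reports what would stop an ASDM HTTPS session. The function name, the sample excerpt and the client address 155.222.2.50 are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: lines excerpted from the "sh ver" and "sh run" output in the thread.
SAMPLE = """\
VPN-DES : Disabled
VPN-3DES-AES : Disabled
asdm image flash:/asdm-521.bin
http server enable
http 155.0.0.0 255.0.0.0 inside
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def asdm_preflight(text, client_ip):
    """Return findings that would stop an ASDM HTTPS session from client_ip."""
    findings = []
    # Licensed-features table from "show version".
    lic = dict(re.findall(r"^\s*(VPN-DES|VPN-3DES-AES)\s*:\s*(\w+)", text, re.M))
    if not lic:
        findings.append("license lines not found: paste 'show version' output")
    elif "Enabled" not in lic.values():
        findings.append("no encryption license (VPN-DES / VPN-3DES-AES) is Enabled")
    # HTTPS server and ASDM image from "show running-config".
    if not re.search(r"^\s*http server enable\b", text, re.M):
        findings.append("'http server enable' is missing")
    if not re.search(r"^\s*asdm image \S+", text, re.M):
        findings.append("no 'asdm image' is configured")
    # "http <network> <mask> <interface>" lines list who may reach the server.
    client = ipaddress.ip_address(client_ip)
    rules = re.findall(rf"^\s*http {IPV4} {IPV4} \S+", text, re.M)
    if not any(client in ipaddress.ip_network(f"{n}/{m}", strict=False) for n, m in rules):
        findings.append(f"no 'http' rule permits {client_ip}")
    return findings

if __name__ == "__main__":
    for finding in asdm_preflight(SAMPLE, "155.222.2.50"):  # constructed client address
        print("FAIL:", finding)
```

An empty list means none of these four preconditions is missing; it does not confirm that an RSA key has been generated, which the replies check separately on the device.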