Can't open ASDM in PIX525! Help

Ru Song Fu
Level 1

I think my configuration is correct, but ASDM can't open. My PC has IE 6.0 and Java is installed. Pinging the inside interface is OK. When I use the Cisco ASDM launcher, it displays: "remote host closed connection during handshake". I use IE 6.0 to connect to https://155.222.2.109. I can open the ASDM of another firewall, on the FWSM, so I think my PC's system requirements are OK!

cisco# sh ver

Cisco PIX Security Appliance Software Version 7.2(1)

Device Manager Version 5.2(1)

Compiled on Wed 31-May-06 14:45 by root

System image file is "flash:/pix721.bin"

Config file at boot was "startup-config"

cisco up 29 secs

Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC (IRE2141 with 2048KB, HW:1.0, CGXROM:1.9, FW:6.5)

0: Ext: Ethernet0 : address is 0006.287c.dc33, irq 10

1: Ext: Ethernet1 : address is 0006.287c.dc34, irq 11

2: Ext: Ethernet2 : address is 00b4.0080.d29c, irq 5

3: Ext: Ethernet3 : address is 00d0.b784.8d35, irq 11

Licensed features for this platform:

Maximum Physical Interfaces : 10

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Disabled

VPN-3DES-AES : Disabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: 405261952

Running Activation Key: 0x052a9ab5 0xbe9db24e 0x28cedada 0xf11f8236

Configuration has not been modified since last system restart.

cisco# sh run

: Saved

:

PIX Version 7.2(1)

!

hostname cisco

domain-name cisco.com

enable password xxx

names

!

interface Ethernet0

nameif outside

security-level 0

ip address 11.0.x.x.255.255.0

!

interface Ethernet1

nameif inside

security-level 100

ip address 155.222.x.x.255.255.0

!

interface Ethernet2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet3

shutdown

no nameif

no security-level

no ip address

!

passwd xxx

ftp mode passive

dns server-group DefaultDNS

domain-name cisco.com

access-list test extended permit ip any any

access-list icmp extended permit icmp any any

pager lines 24

mtu outside 1500

mtu inside 1500

no failover

asdm image flash:/asdm-521.bin

no asdm history enable

arp timeout 14400

access-group icmp in interface outside

route inside 155.0.0.0 255.0.0.0 155.222.2.254 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 155.0.0.0 255.0.0.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet 155.0.0.0 255.0.0.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

2 Replies

a.kiprawih
Level 7

Assuming your IE and Java meet the requirements (you can access the FWSM web GUI), do a quick check on your self-cert, as it might be corrupted.

1. View the cert: sh ca mypubkey rsa

2. Clear the rsa key: ca zeroize rsa

3. Generate new key: ca generate rsa key 1024

The 1024 is only a modulus value; you can assign a different number here.

4. Check the new key: sh ca mypubkey rsa

Optional:

5. Create user ID/account using "username password privilege 15".

Try to access ASDM again. If you do not have any user account, leave the username empty and enter 'cisco' in the password field. Or, if you configured a user ID, key in the username and password.

HTH

AK

fzamora
Cisco Employee

Hi,

I found the problem, take a look below:

VPN-DES : Disabled

VPN-3DES-AES : Disabled

Encryption must be enabled for you to generate the rsa key.

The ASDM must connect using an encrypted connection. That connection is facilitated by the rsa key.

DES & 3DES licenses are now free. Simply forward the show ver to: licensing@cisco.com and request that they enable 3des for you.

Enter the new activation key

"activation-key "

After that do

"crypto key generate rsa"

Then do

"write mem"

Then try connecting with the ASDM

Franco Zamora
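The license check described in the reply above, combined with the `http` and `asdm image` statements from the posted configuration, as an added example that is not part of the original thread: a Python script that reads `sh ver` and `sh run` text and reports what would stop ASDM's HTTPS session. The sample text is constructed from lines posted above; the client address 155.222.2.50 and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample input: relevant lines from the "sh ver" / "sh run" output in the question.
SHOW_VER = """\
Licensed features for this platform:
Failover : Active/Active
VPN-DES : Disabled
VPN-3DES-AES : Disabled
Cut-through Proxy : Enabled
"""
SHOW_RUN = """\
asdm image flash:/asdm-521.bin
http server enable
http 155.0.0.0 255.0.0.0 inside
telnet 155.0.0.0 255.0.0.0 inside
"""

def license_features(show_ver):
    """Map each 'Name : Value' line of the licensed-features table to its value."""
    return {m.group(1).strip(): m.group(2).strip()
            for m in re.finditer(r"^(.+?)\s+:\s+(.+)$", show_ver, re.M)}

def http_allowed(show_run, client_ip):
    """True if an 'http <net> <mask> <ifname>' statement covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    pat = r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) \S+"
    for net, mask in re.findall(pat, show_run, re.M):
        if ip in ipaddress.ip_network(f"{net}/{mask}", strict=False):
            return True
    return False

def asdm_precheck(show_ver, show_run, client_ip):
    """Return findings that would stop ASDM's HTTPS session; an empty list means none found."""
    findings = []
    feats = license_features(show_ver)
    if not any(feats.get(k) == "Enabled" for k in ("VPN-DES", "VPN-3DES-AES")):
        findings.append("no encryption license (VPN-DES and VPN-3DES-AES are not Enabled)")
    if not re.search(r"^http server enable\b", show_run, re.M):
        findings.append("HTTPS server not enabled ('http server enable' missing)")
    if not re.search(r"^asdm image \S+", show_run, re.M):
        findings.append("no 'asdm image' configured")
    if not http_allowed(show_run, client_ip):
        findings.append(f"{client_ip} is not covered by any 'http' access statement")
    return findings

if __name__ == "__main__":
    for f in asdm_precheck(SHOW_VER, SHOW_RUN, "155.222.2.50"):  # constructed client address
        print("FAIL:", f)
```

On the posted output the only finding is the missing encryption license; the `http` and `asdm image` statements pass.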
