05-11-2014 02:45 PM - edited 03-04-2019 10:58 PM
I'm trying to use the ASDM for an ASA 5505. To my knowledge it's never been used before here. I checked and it has the file installed. When I put the IP address in the browser I get a login prompt, but I don't know what it wants. I have tried every username and password for the ASA I have and nothing works. I can log in to the ASA via SSH and telnet, so I know the passwords work. I have the HTTP enable command there. Can anyone help me out?
05-11-2014 11:49 PM
Hi,
Do you have a local user or AAA configured?
Could you issue show run user and show run aaa?
Make sure you have a local user with privilege 15 configured on the ASA.
username <user> password <password> privilege 15
05-12-2014 04:39 AM
I have a user configured with priv 15 and it shows in the config. I can't seem to use that username and pwd to log in via the browser.
05-12-2014 12:12 PM
Hi,
If you didn't specify the local authentication for http then it will use the enable password with no username, if my memory is correct.
Verify you have aaa authentication http CONSOLE local and you'll be able to use the local user/pass.
Regards
Alain
05-12-2014 12:14 PM
I have this in the config
aaa authentication http console LOCAL
Neither the account I created nor blank with the enable password lets me past the browser login page to download the client.
05-12-2014 12:26 PM
Can you post the sanitized config from the ASA?
Regards
Alain
05-12-2014 12:30 PM
Sure
ASA Version 7.2(3)
!
hostname mine
domain-name mine
enable password CyQcVKTj6CW8.Vsj encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.192.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
!
interface Vlan3
mac-address 001f.6ce3.bd99
no forward interface Vlan1
nameif guest
security-level 10
ip address 205.10.2.1 255.255.255.0
!
interface Ethernet0/0
description Internet-Connection
switchport access vlan 2
!
interface Ethernet0/1
description Connection to Inside Network
speed 100
duplex full
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
switchport access vlan 2
!
interface Ethernet0/4
switchport access vlan 3
!
interface Ethernet0/5
description Connection to Public Network
switchport access vlan 3
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd CyQcVKTj6CW8.Vsj encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name vetsmemorial
access-list guest extended permit icmp any any
access-list guest extended permit ip any any
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit tcp any any eq 8440
access-list nonat extended permit ip 192.168.192.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list outside-in extended permit tcp any any eq https
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
access-list outside-in extended permit tcp host X any eq 1433
pager lines 24
logging enable
logging buffer-size 16384
logging monitor notifications
logging buffered informational
mtu inside 1500
mtu outside 1500
mtu guest 1500
ip local pool vpn-ip 192.168.252.1-192.168.252.10
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm.bin
no asdm history enable
arp timeout 14400
global (outside) 1 X
global (outside) 2 X
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.192.0 255.255.255.0
nat (guest) 2 205.10.2.0 255.255.255.0
static (inside,outside) tcp interface www 192.168.192.170 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.192.170 https netmask 255.255.255.255
static (inside,outside) x.x.x.x 192.168.192.52 netmask 255.255.255.255
access-group inside in interface inside
access-group outside-in in interface outside
access-group guest in interface guest
route outside 0.0.0.0 0.0.0.0 X.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication http console LOCAL
http server enable
http 192.168.192.0 255.255.255.0 inside
snmp-server host inside 192.168.192.10 poll community ciscosnmp
snmp-server location PIX
no snmp-server contact
snmp-server community ciscosnmp
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map dynvpn 10 set transform-set DES-MD5
crypto map vpn 65535 ipsec-isakmp dynamic dynvpn
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 28800
crypto isakmp nat-traversal 20
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
console timeout 0
dhcpd dns 209.253.113.10 209.253.113.18
!
dhcpd address 205.10.2.2-205.10.2.254 guest
dhcpd dns 8.8.8.8 8.8.4.4 interface guest
dhcpd enable guest
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ipsec-pass-thru
!
service-policy global_policy global
group-policy RA-VPN internal
group-policy RA-VPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value nonat
username accountpassword gVi.DkNe5MzHLTBD encrypted privilege 15
username VMRemote password .RSNgq92vZTSELWV encrypted
username VMRemote attributes
vpn-group-policy RA-VPN
username VMVPN password jSqp8CjjxHhRa6jk encrypted
username names password jDS98nJtthzlEvw5 encrypted
tunnel-group VMVPN type ipsec-ra
tunnel-group VMVPN general-attributes
address-pool vpn-ip
tunnel-group VMVPN ipsec-attributes
pre-shared-key *
prompt hostname context
05-12-2014 12:44 PM
Hi,
no username accountpassword gVi.DkNe5MzHLTBD encrypted privilege 15
username account password xxxx privilege 15
Regards
Alain
05-12-2014 12:47 PM
I just changed the name of the account for this post; the command in there is already:
username JASON password gVi.DkNe5MzHLTBD encrypted privilege 15
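Added example, not part of any post in this thread and not Cisco tooling: a Python check of a saved running-config for the ASDM login prerequisites the replies raise (an ASDM image, `http server enable`, an `http` entry covering the client, `aaa authentication http console LOCAL`, and a privilege 15 local user). The function name, result keys and the sample config with its `EXAMPLEHASH` placeholder are constructed for illustration.

```python
import ipaddress
import re

# Running-config form: username <name> password <hash> [encrypted] [privilege <n>]
USER_RE = re.compile(r"username (\S+) password \S+(?: encrypted)?(?: privilege (\d+))?$")

# Constructed sample modeled on the posted config; EXAMPLEHASH is a placeholder.
SAMPLE = """\
asdm image disk0:/asdm.bin
aaa authentication http console LOCAL
http server enable
http 192.168.192.0 255.255.255.0 inside
username accountpassword EXAMPLEHASH encrypted privilege 15
username VMRemote password EXAMPLEHASH encrypted
username VMRemote attributes
"""

def audit_asdm_access(config, client_ip):
    """Check a running-config for the ASDM login prerequisites raised in the thread."""
    client = ipaddress.ip_address(client_ip)
    r = {"asdm_image": False, "http_server": False, "client_permitted": False,
         "http_auth_local": False, "priv15_users": [], "unparsed_usernames": []}
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["asdm", "image"]:
            r["asdm_image"] = True
        elif tok[:3] == ["http", "server", "enable"]:
            r["http_server"] = True
        elif tok[0] == "http" and len(tok) == 4:
            try:  # http <network> <mask> <interface>
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # sanitized (x.x.x.x) or otherwise unparsable address
            r["client_permitted"] |= client in net
        elif tok == ["aaa", "authentication", "http", "console", "LOCAL"]:
            r["http_auth_local"] = True
        elif tok[0] == "username" and tok[2:] != ["attributes"]:
            m = USER_RE.match(" ".join(tok))
            if m is None:  # e.g. a missing space between the name and "password"
                r["unparsed_usernames"].append(" ".join(tok))
            elif m.group(2) == "15":
                r["priv15_users"].append(m.group(1))
    return r

if __name__ == "__main__":
    for check, value in audit_asdm_access(SAMPLE, "192.168.192.50").items():
        print(f"{check}: {value}")
```

On the sample, every listener-side check passes for a client on the inside network, but no privilege 15 user is found because the `username` line does not parse.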