
ASA ASDM Access on the Outside Interface

pootboy69
Level 1

We have three ASA5510s, each configured for ssh and http access on the outside interface(s).  One of them has aaa with users/passwords set for both ssh and http.  I can access the ASA configured for aaa from the designated host allowed into the outside interface normally using aaa credentials.  When I try to access either of the other two, they will not accept the enable login password.  The aaa configured ASA is version 8.2, with ASDM 6.21.  The other two are both ASA version 7.0 with ASDM 5.07.  Does the ASA require aaa to be configured for https access?  How can I make these other two accept login for ASDM access?  Thank you!

Accepted Solutions

Panos Kampanakis
Cisco Employee

If you don't have aaa configured then for ASDM you should use empty username and the enable password.

Also you can use the "aaa authentication http console LOCAL" and use a username/pwd of a priv 15 user to login to ASDM.

To troubleshoot what is failing you can enable "debug http" and "debug aaa" on the ASA to see why the user is rejected.

I hope it helps.

PK
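
The two ASDM login modes described in the answer above, as an added ASA configuration example that is not part of the original post. The management host 192.0.2.10, the username asdmadmin and the password placeholder are assumptions.

```cisco
! Added example. 192.0.2.10 (management host), asdmadmin and the password
! placeholder are constructed values, not taken from the thread.

! Mode 1: no AAA for HTTP.
! ASDM login is an empty username plus the enable password.
! Management access is limited to one host on the outside interface.
http server enable
http 192.0.2.10 255.255.255.255 outside
ssh 192.0.2.10 255.255.255.255 outside

! Mode 2: local AAA.
! ASDM and SSH then log in as a named privilege-15 user
! instead of the shared enable password.
username asdmadmin password <strong-password> privilege 15
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL

! Checks from privileged EXEC mode: confirm which hosts may reach
! ASDM/SSH and which authentication method is active.
show running-config http
show running-config ssh
show running-config aaa
show running-config username

! Troubleshooting named in the answer: watch why a login is rejected.
debug http
debug aaa
```

Named users give per-administrator accountability in the logs, which a shared enable password does not.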

I'd like to thank everyone for their support!  It turns out that there was never anything wrong with the configurations on either ASA.  Yesterday, I upgraded the ASA firmware to v8.2(2) and the ASDM to v 6.6(3).  Once I did that, I could access the inside address of the remote ASA with either the ASDM or through ssh.  I don't understand why this would have made such a difference, but perhaps some Cisco genius could explain it.  In any case, I am going to upgrade our fourth remote ASA to the same revision levels, so I can have direct access to them.  Thanks again, everyone!

Regards,

Wolf
