ASA 5510 config issues

pfdrinstr1
Level 1

I can't talk to the ASDM, I get the CLI of course and I get no Internet.

My network goes

Router 2600 with x number of outside ips

then it goes to ASA 5510

then to HP ProCurve switch that connects to all the 192.168.1.XXX server  192.168.2.XXX (issued by DHCP from server)

Can anyone look at my CLI and see what is wrong?

ASA Version 8.3(1)
!
hostname wsigateway
domain-name wsystems.com
enable password yVSkMxWRc/S396FB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXX
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.XXX.XXX.XXX 255.XXX.XXX.XXX
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 172.XXX.XXX.XXX 255.XXX.XXX.XXX

management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name wsystems.com
object network email_server_static
host 192.XXX.XXX.XXX

object network wsiftp_static
host 192.XXX.XXX.XXX

object network terminal1_static
host 192.XXX.XXX.XXX

object network ram_static
host 192.XXX.XXX.XXX

access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq smtp
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq ftp
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq 3389
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq 162
access-list 100 extended permit tcp any host 64.XXX.XXX.XXX eq https
access-list 100 extended deny ip any any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (management,outside) source dynamic any interface
!
object network email_server_static
nat (inside,outside) static 64.XXX.XXX.XXX

object network wsiftp_static
nat (inside,outside) static 64.XXX.XXX.XXX

object network terminal1_static
nat (inside,outside) static 64.XXX.XXX.XXX

object network ram_static
nat (inside,outside) static 64.132.162.70
route outside 0.0.0.0 0.0.0.0 64.XXX.XXX.XXX

route inside 192.XXX.XXX.XXX 255.XXX.XXX.XXX 192.XXX.XXX.XXX

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.XXX.XXX.XXX.XXX.XXX.XXX management
http 172.XXX.XXX.XXX 255.XXX.XXX.XXX management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet

Accepted Solutions

jubetz
Level 1

Hi Donney,

You're missing the "asdm image " command.  You need to copy the ASDM image onto the ASA's flash, then use this command to tell the ASA to use that as the running version of ASDM.  This is how you upgrade ASDM as well; just point to a new image in flash.

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/command/reference/a2.html#wp1716977


Best regards,

-jb
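
A small offline check for the point made in this answer, as an added example that is not part of the original post or any Cisco tool: it scans a saved running-config for the "asdm image" line and, going slightly beyond the answer, for "http server enable" and the "http <address> <mask> <interface>" permit lines that ASDM access also depends on. The function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample config (not the poster's): management interface defined,
# HTTPS server on, one valid client network, but no "asdm image" line.
SAMPLE = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 172.16.0.1 255.255.255.0
 management-only
!
http server enable
http 172.16.0.0 255.255.255.0 management
http 10.9.9.0 255.255.255.0 dmz
"""

HTTP_RULE = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def asdm_findings(config):
    """Return a list of problems that would keep ASDM from being reachable."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Interface names defined with "nameif"; "no nameif" does not match.
    nameifs = {ln.split()[1] for ln in lines if re.match(r"nameif \S+$", ln)}

    # The answer's point: the ASA must be told which ASDM image to serve.
    if not any(re.match(r"asdm image \S+", ln) for ln in lines):
        findings.append("no 'asdm image' command")

    # ASDM is delivered by the ASA's built-in HTTPS server.
    if not any(re.match(r"http server enable\b", ln) for ln in lines):
        findings.append("'http server enable' missing")

    # Each "http <addr> <mask> <nameif>" line permits one client network.
    allowed = []
    for ln in lines:
        m = HTTP_RULE.match(ln)
        if not m:
            continue
        addr, mask, ifname = m.groups()
        if ifname not in nameifs:
            findings.append(f"http rule names undefined interface '{ifname}'")
            continue
        allowed.append(ifname)
        if (addr, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append(f"http rule on '{ifname}' allows any source")
    if not allowed:
        findings.append("no client network is permitted to reach ASDM")
    return findings
```
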


3 Replies

This is what I get at the links

Forbidden File or Application

The file or application you are trying to access may require additional entitlement or you are trying to access a file with an invalid name. Additional entitlement levels are granted based on a users relationship with Cisco on a per-application basis.

If you feel you have reached this page in error, please try one of the following methods to locate your document:

  1. If you are manually entering the URL into your browser location bar, be sure to include the file name of the page you are trying to access (file names typically end in .htm, .html or .shtml).
  2. Use the Search feature located in the upper right section of this page.
  3. Return to the Cisco.com Home or select a primary site area from the top navigation bar.
  4. Consult with your Cisco Account Manager to confirm you have the appropriate entitlement to access this page.

If you would like to contact someone about this problem, please click on the Contacts & Feedback link below.

I got it, thank you.
