I believe that we need some additional information to be able to give good suggestions about this issue. Can you answer these questions and provide this information:

- what is the IP address, mask, and gateway configured on the PC you are attempting access from?

- can the PC ping the address on the ASA?

- is ASDM configured and working correctly from addresses on other VLANs?

- would you post the output of show run | include telnet

- would you post the output of show run | include http

- would you post the output of show ip

HTH

Rick

- what is the IP address, mask, and gateway configured on the PC you are attempting access from?

IP - 172.28.4.3

Mask - 255.255.255.0

GW - 172.28.4.1

- can the PC ping the address on the ASA?

no

- is ASDM configured and working correctly from addresses on other VLANs?

This is the first vLAN we've created except for our Guest network, which is internet only

- would you post the output of show run | include telnet

**Removed outside interfaces from the output**

telnet 172.28.0.0 255.255.252.0 MD-Inside
telnet 192.168.1.0 255.255.255.0 Management
telnet 172.28.4.0 255.255.255.0 MD-Inside-Prod

- would you post the output of show run | include http

**Removed outside interfaces from the output**

aaa authentication http console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 Management
http 172.28.4.0 255.255.255.0 MD-Inside-Prod
http 172.28.0.0 255.255.252.0 MD-Inside

- would you post the output of show ip

**Removed outside interfaces from the output**

System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/1 MD-Inside 172.28.0.1 255.255.252.0 manual
GigabitEthernet0/1.70 MD-Inside-Prod 172.28.4.1 255.255.255.0 manual
GigabitEthernet0/1.168 Guest 192.168.168.1 255.255.255.0 CONFIG
Management0/0 Management unassigned unassigned DHCP
Current IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/1 MD-Inside 172.28.0.1 255.255.252.0 manual
GigabitEthernet0/1.70 MD-Inside-Prod 172.28.4.1 255.255.255.0 manual
GigabitEthernet0/1.168 Guest 192.168.168.1 255.255.255.0 CONFIG
Management0/0 Management unassigned unassigned DHCP

Thanks in advance, I really appreciate you guys' help.

Rick,

You sir are the man. When I read your question "When you attempt ASDM what IP address are you using?" I had a lightbulb moment. I was attempting to access ASDM via the old shortcut it created (which points to 172.28.0.1) from the newly created vLAN. I needed to access from 172.28.4.1 instead.

It was working properly, I was using the wrong IP address. 

Sorry to waste your time, but thanks!!

Jeremy

Jeremy

I am glad that we were able to solve this one. It was an interesting exercise and a good logical progression. First we looked for likely configuration issues and when we did not find configuration issues we looked for other types of mistakes that might cause this. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions with helpful information.

HTH

Rick

We are on cisco managed switches, which I'm fairly certain are set up correctly. From the PC that's on the vLAN, I can ping the subinterface, but I cannot ping the management interface. My PC is using DHCP and has an appropriate IP address.

I am curious about your statement that you can ping the subinterface but cannot ping the management interface. Can you clarify what is the subinterface and what is the management interface? And what address are you using when you attempt ASDM?

Additional questions:

- how are you attempting to start ASDM?

- when you attempt to start ASDM what happens? Do you get a prompt? Do you get an error message? If so what message? Does it just time out?

HTH

Rick