Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1377
Views
40
Helpful
19
Replies

Unable to Login to ASDM via HTTP - Cisco ASA 5510

Go to solution
hasan0242
Level 1
Level 1

‎01-19-2023 03:59 PM

Hi Everyone, I'm quite new to manual operation of Cisco ASA and I'm learning the fundamentals. 

Right now, I'm at a stage where I'm unable to login to ASDM launcher from my Chrome/ Edge webbrowser. 

Here's the show run excerpt: 

ciscoasa(config)# show run
: Saved
:
ASA Version 8.2(1)
!
firewall transparent
hostname ciscoasa
enable password Q6PcEw0JPNC8SDNU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
!
interface Ethernet0/1
shutdown
no nameif
no security-level
!
interface Ethernet0/2
shutdown
no nameif
no security-level
!
interface Ethernet0/3
shutdown
no nameif
no security-level
!
interface Management0/0
shutdown
no nameif
no security-level
management-only
!
ftp mode passive
pager lines 24
no ip address
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl certificate-authentication interface port 443
!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hasan0242
Level 1
Level 1

‎01-19-2023 08:09 PM

Thanks for the assistance MHM Cisco World
I was able to resolve the issue and now have logged into the ASDM by using Internet Explorer, install Java 6.27 

 

View solution in original post

19 Replies 19

Go to solution
MHM Cisco World
VIP
VIP

‎01-19-2023 04:01 PM

https://www.grandmetric.com/knowledge-base/design_and_configure/cisco-asa-enable-asdm-access-asa/

there is some command missing, 
please check the link

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to hasan0242

‎01-19-2023 04:19 PM

http 0.0.0.0 0.0.0.0 <interface> <<- this command missing, the interface is the interface you access in for asdm.

Go to solution
hasan0242
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 04:39 PM

Also, I have now followed up with these commands to include the PC ip: 

ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-621.bin
ciscoasa(config)#
ciscoasa(config)# http server en
ciscoasa(config)# sh run http
http server enable
http 192.168.2.20 255.255.255.255 ManageASDM
http 192.168.2.0 255.255.255.0 ManageASDM
ciscoasa(config)# http 192.168.2.17 255.255.255.255 manageASDM
ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)#

But still I'm unable to access ASDM admin via Browser

0 Helpful

Go to solution
hasan0242
Level 1
Level 1

‎01-19-2023 04:30 PM

Thanks. 
I've put the command: http 192.168.2.20 255.255.255.255 manageASDM

Also, I checked previously I have asdm-621 
ciscoasa(config)# sh flash
--#-- --length-- -----date/time------ path
3 4096 Jan 01 2003 00:03:34 log
10 4096 Jan 01 2003 00:03:46 crypto_archive
11 4096 Jan 01 2003 00:03:50 coredumpinfo
12 43 Jan 19 2023 12:01:48 coredumpinfo/coredump.cfg
26 12998641 May 15 2012 19:20:38 csd_3.5.2008-k9.pkg
27 4096 Jul 23 2012 21:11:46 sdesktop
28 6487517 May 15 2012 19:20:44 anyconnect-macosx-i386-2.5.2014-k9.pkg
29 6689498 May 15 2012 19:20:46 anyconnect-linux-2.5.2014-k9.pkg
30 4678691 May 15 2012 19:20:48 anyconnect-win-2.5.2014-k9.pkg
31 4096 Jul 19 2012 18:04:36 tmp
32 16275456 Mar 23 2015 17:51:54 asa821-k8.bin
33 11348300 Mar 23 2015 17:52:34 asdm-621.bin

 

Just a quick question, I've connected the ASA's Management port to my PC's ethernet. 
ASA's management ip addr: 192.168.2.17 
PC ethernet ip addr: 192.168.2.20 
I'm unable to ping from ASA to PC. but I can ping from PC to ASA. 

ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

Is this something that causing the issue? 

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to hasan0242

‎01-19-2023 04:40 PM - edited ‎01-19-2023 04:43 PM

icmp permit any management_interface <<- try add this command in global mode 

if not work try ping tcp 
https://www.petenetlive.com/KB/Article/0001445
ping tcp give option to specify the interface you can use for ping 

Go to solution
hasan0242
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 04:44 PM - edited ‎01-19-2023 04:47 PM

I'm able to ping both sides now. From ASA to PC and from PC to ASA. 
ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)#

I'm still uanble to login to ASDM via Browser. 

Go to solution
MHM Cisco World
VIP
VIP
In response to hasan0242

‎01-19-2023 05:13 PM

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 <<- add this and try again. 

0 Helpful

Go to solution
hasan0242
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 05:17 PM - edited ‎01-19-2023 05:23 PM

ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

Still same issue with the browser error: 

192.168.2.17 uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
 
Also here's my sh run all ssl: 


ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication interface ManageASDM port 443

 
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to hasan0242

‎01-19-2023 05:21 PM

show run all ssl <<- please share this 

Go to solution
hasan0242
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 05:26 PM

Also here's my sh run all ssl: 


ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication interface ManageASDM port 443

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to hasan0242

‎01-19-2023 05:34 PM

show ssl <<- I need to see this

0 Helpful

Go to solution
hasan0242
Level 1
Level 1
In response to MHM Cisco World

‎01-19-2023 05:40 PM

Here it is

ciscoasa(config)# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Disabled ciphers: des-sha1 rc4-md5 null-sha1
No SSL trust-points configured
Certificate authentication:
ManageASDM interface: port 443
ciscoasa(config)#

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card