01-19-2023 03:59 PM
Hi Everyone, I'm quite new to manual operation of Cisco ASA and I'm learning the fundamentals.
Right now, I'm at a stage where I'm unable to login to ASDM launcher from my Chrome/ Edge webbrowser.
Here's the show run excerpt:
ciscoasa(config)# show run
: Saved
:
ASA Version 8.2(1)
!
firewall transparent
hostname ciscoasa
enable password Q6PcEw0JPNC8SDNU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
!
interface Ethernet0/1
shutdown
no nameif
no security-level
!
interface Ethernet0/2
shutdown
no nameif
no security-level
!
interface Ethernet0/3
shutdown
no nameif
no security-level
!
interface Management0/0
shutdown
no nameif
no security-level
management-only
!
ftp mode passive
pager lines 24
no ip address
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl certificate-authentication interface port 443
!
!
prompt hostname context
Cryptochecksum:00000000000000000000000000000000
: end
Solved! Go to Solution.
01-19-2023 08:09 PM
Thanks for the assistance MHM Cisco World
I was able to resolve the issue and now have logged into the ASDM by using Internet Explorer, install Java 6.27
01-19-2023 04:01 PM
https://www.grandmetric.com/knowledge-base/design_and_configure/cisco-asa-enable-asdm-access-asa/
there is some command missing,
please check the link
01-19-2023 04:19 PM
http 0.0.0.0 0.0.0.0 <interface> <<- this command missing, the interface is the interface you access in for asdm.
01-19-2023 04:21 PM
https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/116403-configure-asdm-00.html
also please config you have asdm image in asa? if not please check link above.
01-19-2023 04:39 PM
Also, I have now followed up with these commands to include the PC ip:
ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-621.bin
ciscoasa(config)#
ciscoasa(config)# http server en
ciscoasa(config)# sh run http
http server enable
http 192.168.2.20 255.255.255.255 ManageASDM
http 192.168.2.0 255.255.255.0 ManageASDM
ciscoasa(config)# http 192.168.2.17 255.255.255.255 manageASDM
ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)#
But still I'm unable to access ASDM admin via Browser
01-19-2023 04:30 PM
Thanks.
I've put the command: http 192.168.2.20 255.255.255.255 manageASDM
Also, I checked previously I have asdm-621
ciscoasa(config)# sh flash
--#-- --length-- -----date/time------ path
3 4096 Jan 01 2003 00:03:34 log
10 4096 Jan 01 2003 00:03:46 crypto_archive
11 4096 Jan 01 2003 00:03:50 coredumpinfo
12 43 Jan 19 2023 12:01:48 coredumpinfo/coredump.cfg
26 12998641 May 15 2012 19:20:38 csd_3.5.2008-k9.pkg
27 4096 Jul 23 2012 21:11:46 sdesktop
28 6487517 May 15 2012 19:20:44 anyconnect-macosx-i386-2.5.2014-k9.pkg
29 6689498 May 15 2012 19:20:46 anyconnect-linux-2.5.2014-k9.pkg
30 4678691 May 15 2012 19:20:48 anyconnect-win-2.5.2014-k9.pkg
31 4096 Jul 19 2012 18:04:36 tmp
32 16275456 Mar 23 2015 17:51:54 asa821-k8.bin
33 11348300 Mar 23 2015 17:52:34 asdm-621.bin
Just a quick question, I've connected the ASA's Management port to my PC's ethernet.
ASA's management ip addr: 192.168.2.17
PC ethernet ip addr: 192.168.2.20
I'm unable to ping from ASA to PC. but I can ping from PC to ASA.
ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
Is this something that causing the issue?
01-19-2023 04:40 PM - edited 01-19-2023 04:43 PM
icmp permit any management_interface <<- try add this command in global mode
if not work try ping tcp
https://www.petenetlive.com/KB/Article/0001445
ping tcp give option to specify the interface you can use for ping
01-19-2023 04:44 PM - edited 01-19-2023 04:47 PM
I'm able to ping both sides now. From ASA to PC and from PC to ASA.
ciscoasa(config)# ping 192.168.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)#
I'm still uanble to login to ASDM via Browser.
01-19-2023 04:54 PM
check this link, check the Scenario 2
01-19-2023 05:13 PM
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 <<- add this and try again.
01-19-2023 05:17 PM - edited 01-19-2023 05:23 PM
ciscoasa(config)# ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Still same issue with the browser error:
192.168.2.17 uses an unsupported protocol.
01-19-2023 05:21 PM
show run all ssl <<- please share this
01-19-2023 05:26 PM
Also here's my sh run all ssl:
ciscoasa(config)# sh run all ssl
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication interface ManageASDM port 443
01-19-2023 05:34 PM
show ssl <<- I need to see this
01-19-2023 05:40 PM
Here it is
ciscoasa(config)# sh ssl
Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to SSLv3 or TLSv1
Start connections using SSLv3 and negotiate to SSLv3 or TLSv1
Enabled cipher order: rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
Disabled ciphers: des-sha1 rc4-md5 null-sha1
No SSL trust-points configured
Certificate authentication:
ManageASDM interface: port 443
ciscoasa(config)#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide