Hi Kristian, There is a bug with Cisco wherein Java 7 update 51 causes the problem with ASDM access. The bug ID is CSCum46193. I would suggest you downgrade the Java version to Java 7 update 45 and it would work. - Prateek Verma
Hi Grant, Try to configure the following command and then check whether it works or not:
fixup protocol icmp
Hope this would help. - Prateek Verma
Hi Jon, 1. Yes, you need to configure that command; it doesn't matter if the traffic is allowed in the ACL as well. 2. Yes, you could still use an ACL to control the traffic flow even if that command is present. - Prateek Verma
Hi Jon, It will not even check the access-rule; the packet would get dropped before checking the access-rule, as you could see in the packet-tracer output above, but the drop you would see in packet-tracer would be under ACL drop. - Prateek Verma
Hi Jon, No, that would not allow the traffic; it would still show a drop in packet-tracer under ACL drop. If 2 different interfaces are at the same security level then you need the inter-interface command, and if you need to access anything behind the same interface and traffic is going through the firewall then you would require the same-security-traffic permit intra-interface command. - Prateek Verma
Hi Muhammad, First of all, you cannot ping the far-end interface IP from behind an interface. For example, if you are behind inside then you could only ping the inside interface IP of the firewall but would not be able to ping the other interface IPs of the firewall, but you would be able to ping the network behind other interfaces; for that please configure the following command:
fixup protocol icmp
Secondly, for connecting the IPS in the network you could follow the following steps:
1. Point the gateway of the IPS to a Layer 3 interface in the network other than the ASA management nameif IP. This device must support routing between both subnets; for example, 192.0.2.2/24, 192.0.2.254. (192.0.2.2 is the IPS IP and 192.0.2.254 is the IP of the VLAN on the switch.)
2. Create a static route on the inside interface of the ASA to point the traffic to the layer 3 interface IP address; for example, route inside 192.0.2.2 255.255.255.255 192.51.100.254.
3. Make sure all ACL and NAT rules apply to the IP address of the IPS management.
In this configuration, the IPS sends requests for Global Correlation updates, License requests, and IPS signature updates to the default gateway (192.0.2.254) and is translated to the outside address. Return traffic is routed back using the inside route and is forwarded to the Layer 3 device that houses an interface in the inside and management networks.
Also, please let me know the version of IPS and Java which you are using. Hope it will help. - Prateek Verma
Hi Rizwan, Please try to use the following command and then check, since the DMZ and outside interfaces are both on the same security level:
same-security-traffic permit inter-interface
- Prateek Verma
Hi, As I could see in your show version output, the license for 3DES is disabled. In order to access ASDM you must have the 3DES license enabled and SSL encryption should include 3DES. - Prateek Verma
Hi, Please send the output of the following commands:
show run asdm
show flash
show run http
show run aaa
show run all ssl
show version
Along with the IP from where you are trying to access it, which interface of the firewall it is behind, and which Java version you have on that machine. - Prateek Verma
Hi Anthony, You must have the following command on the ASA:
aaa authentication http console LOCAL
Along with that, there should be a username and password in the ASA's local database. So try to configure the following command and then check:
username cisco password cisco
After this, try to access ASDM with username and password both cisco and check whether it works or not. - Prateek Verma