Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4698
Views
5
Helpful
18
Replies

ASA 9.18.3. cannot access Client Profile

gaigl
Level 3
Level 3

‎11-09-2023 12:34 AM

Hello,

while trying new Cisco Secure Client 5, on Firepower 21xx (same on FPR4112) with ASA 9.18.3.56 and ASDM 7.19.1.95 I can't access the Profile Editor: if I click on the "Secure Client Profile" ASDM still shows me the Client Images.

I've tried to remove the 5.x Clients, but nothing happens, tried with ver 5.1.0.136 and 5.0.05040.

on the CLI I see the profile:

 

 anyconnect profiles ACME-PROFILE.TEST disk0:/acme-profile.test.xml

 

3 people had this problem
Labels:
0 Helpful
18 Replies 18

pieterh
VIP
VIP

‎11-09-2023 03:45 AM

"ASDM still shows me the Client Images"
did you try selecting an image before you can proceed ?

0 Helpful

gaigl
Level 3
Level 3

‎11-09-2023 03:54 AM

the images are ok, tried different versions, what is missing is the client profile (where I configure the xml)

I've got the Menue, but clicking on the Menue nothing happens

I know, the Configuration of the profile editor depends on the image-version

0 Helpful

MHM Cisco World
VIP
VIP

‎11-09-2023 04:03 AM

I think you need to change the extension by using  test editor 
or 
using XML file directly via XML editor  

Thanks A Lot
MHM

0 Helpful

gaigl
Level 3
Level 3
In response to MHM Cisco World

‎11-09-2023 04:13 AM

sorry, don't understand:

you think the file is corrupt? The clients can work and get the the file when they connect.

I can't edit the profile, because I don't have access to the menue

It's the same on a Prod Cluster of Firepower 4112, so I would wonder if it happens the same time on both systems

0 Helpful

gaigl
Level 3
Level 3

‎11-09-2023 04:04 AM

it looks kike this:

gaigl_0-1699531427073.png

so if I click on "secure client profile" it hangs on the last position of the menue

gaigl
Level 3
Level 3

‎11-20-2023 10:39 PM

I tested on anothe Machine:

as soon as I add the client image cisco-secure-client-win-5.1.0.136-webdeploy-k9.pkg (or a 5.0.xxx) to the list of client images and click on apply and save, I cannot edit the client profile (clicking on "Secure Client Profile" nothing happens).

First Time I see a Message about missing client editor plugin

0 Helpful

gaigl
Level 3
Level 3

‎11-20-2023 11:14 PM

after a reboot without a client image of secure client 5 I get this error message:

gaigl_0-1700550852308.png

 

0 Helpful

pieterh
VIP
VIP
In response to gaigl

‎11-20-2023 11:30 PM - edited ‎11-20-2023 11:59 PM

removed the content, was not correct

0 Helpful

pieterh
VIP
VIP
In response to pieterh

‎11-21-2023 12:12 AM

did you check this restriction?

Changes to the Cisco Secure Client Profile Editor

You must install Java, version 8 or higher, before launching the profile editor. Cisco Secure Client Profile Editor supports OpenJDK and also Oracle Java. For certain OpenJDK builds, Profile Editor may fail to launch when the JRE path cannot be determined. Navigate to the installed JRE path where you will be prompted to properly launch the Profile Editor.

0 Helpful

gaigl
Level 3
Level 3
In response to pieterh

‎11-21-2023 12:15 AM

sorry, but I don't want to run the Profile Editor on the Client, I need the profile Editor on the ASA (ASDM) -> Headend Deployment

0 Helpful

pieterh
VIP
VIP
In response to gaigl

‎11-21-2023 12:57 AM - edited ‎11-21-2023 01:00 AM

this IS because it is started from ASDM !
ASDM also uses a version of Java, but the profile editor may need a different version than ASDM

  • ASDM 7.19(1) requires Oracle Java version 8u261 or later—Before you upgrade to ASDM 7.19, be sure to update Oracle Java (if used) to version 8u261 or later. This version supports TLSv1.3, which is required to upgrade the ASDM Launcher. OpenJRE is not affected.

0 Helpful

gaigl
Level 3
Level 3
In response to pieterh

‎11-21-2023 01:12 AM

gaigl_0-1700557926078.png

 

0 Helpful

gaigl
Level 3
Level 3

‎11-20-2023 11:55 PM - edited ‎11-20-2023 11:57 PM

Core and Start Before Login; but this is the client-installation. The Problem is on the Headend.

the Client gets the Profile.xml, but on the Headend (Firepower with ASA Software I cannot edit the Profile

0 Helpful

gaigl
Level 3
Level 3

‎11-21-2023 11:17 PM - edited ‎11-21-2023 11:18 PM

tested some issues:

fresh Download of cisco-secure-client-win-5.1.0.136-webdeploy-k9.pkg because the file showed a later Date. Checked the MD5

Updated a DEV Firepower to ASA 9.18.4 with ASDM 7.20.1, no change in behaviour

run the ASDM on a Win 10 Client with Oracle Java 1.8.0_381 and where the Win Profile editor is installed, no change

behaviour:

client image anyconnect-win-4.10.07061-webdeploy-k9.pkg is placed under "Secure Client Software" -> ASDM Profile Editor is working fine, I can edit, validate

adding client image cisco-secure-client-win-5.1.0.136-webdeploy-k9.pkg, apply, save (sometimes after save, both client images disappear), restart ASDM, can't access ASDM Profile Editor (this is happening sometimes after a second Restart)

delete client image cisco-secure-client-win-5.1.0.136-webdeploy-k9.pkg (Entry and File), apply, save, restart ASDM, client profile is accessible again.

Customers Also Viewed These Support Documents