ASA Webpage Access Lost After VPN Config Applied

swaite2121
Level 1

Hello!

I have several ASA5525Xs that I am in the process of trying to patch from ASA version 9.1(7)4 and ASDM version 7.5(2)153 to ASA version 9.4(4.5) and ASDM version 7.6(2) respectively. The issue I am having is that the ASA and ASDM upgrade will apply with no issue, but whenever access is attempted through either the existing installed version of ASDM or by browsing to the https://ASA_MGMT_IP/admin web page, no connection is established. Multiple browsers, Firefox v52, v50, IE11.0.9600, and Firefox on RHEL 6.8 Firefox v48, all give the same error: web page cannot be displayed. I have tried to change the port the HTTP server is enabled on, no change. Everything will connect fine with no issues as long as there is no config loaded. Once I put in the config to run my IPsec site-to-site VPN, I lose access to the page. I am attempting access through the management port. Any ideas what in the VPN config could be causing a loss of connection to the web page?


Marvin Rhoads
Hall of Fame

Is it only https that you lose or is ssh connectivity also affected?

Only HTTPS traffic is affected.

Aditya Ganjoo
Cisco Employee

Hi,

Can you share the config which leads to this issue?

Also, did you make any change to the HTTP-related config on the ASA?

Regards,

Aditya

Please rate helpful and mark correct answers

There were no changes in the HTTP config.

What is the source address from which you are trying to access ASDM?

Have you tried connecting directly to the management interface (or subnet) and connecting?

Also, your trustpoint setup looks odd. I don't see the certificates. Can you remove the following and try again:

crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
 enrollment self
 fqdn none
 subject-name CN=host,CN=Switch
 keypair ASDM_LAUNCHER
 crl configure

crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
  quit

I have tried both from 230.x directly connected to the management interface and from 231.x which is not directly connected and no access from either.

The certificates are there but were scrubbed out before posting. I have deleted them and no access is available whether they are there or not.

Confirm the ASA is listening on port 443 as follows:

show asp table socket | i LISTEN | SSL 

Have you tried a packet capture when you are directly connected and making the attempt?