
Cisco ASA 5510 anyconnect login page

Adam Hudson
Level 1

I have an SSL AnyConnect VPN set up on my 5510, but I cannot get the feature that allows users on the outside to log into the page and download the AnyConnect client to come up. Can anyone tell me what commands I'd have to enter to enable that portal?

40 Replies

Marvin Rhoads
Hall of Fame

Easier if you could share a sanitized copy of your configuration and we can tell you what's missing.

In general you need an image referenced in the configuration, an identity certificate present and bound to the outside interface, client services enabled, a connection profile and group policy.

So... lots of things could be incorrectly set up.

This is a clean config from yesterday. I've been hacking away at it today but nothing too big has changed.

What do users see when they browse to the outside address or FQDN using https?

Somewhere I would expect to see a command like:

ssl trust-point ASDM_TrustPoint0 outside

I have this line: ssl trust-point ASDM_TrustPoint2 outside

When I navigate to the page, nothing shows up. When I ping the page from outside the firewall, pings return, but again, the portal doesn't appear.

Ok, so I got the web portal working. I realized you can't have the asdm page and the webvpn page going to the same address. What I need to do now is get the ASDM working with the firewall again.

I get a "cannot open device" error. The only thing I see different is the asdm version. When I go to the right homepage I get offered to download and install asdm, so I'm thinking I need to update the asdm version?

7.1(5) on my 5520 compared to 6.2(1) on the 5510. It's just strange because I was able to get into both of them when I originally started configuring the VPN, so I don't know why configuring the VPN would have the unintended consequence of downgrading the ASDM.

 

It is very hard for me to imagine a scenario where configuring VPN would result in downgrade of ASDM. Running ASDM is dependent on having the appropriate version of ASDM on the disk and having the config command for ASDM point to that file.

 

So what version of ASDM is on disk0? And what file does the config command for ASDM point to?

 

HTH

 

Rick


I went to the SSL VPN service page, it shows 6.2(1). I SSH into the 5510, the asdm-715 image is in there. I delete it out for safe measure and re-transfer it. Then I set it to be the asdm image and delete out the asdm-621.bin file.

I go back to the SSL VPN service page, it still shows 6.2(1)! And it still won't let me connect in from my other ASDM application already running. When I try to add it as another device I get "could not open device". When I try to download the launcher from the 6.2(1) page and connect in, it gives me an "unable to connect".

Either there's something I'm missing here or just I need to reboot the device to get it working properly.

 

 

A reboot wouldn't hurt after all the changes in and out - sometimes certain settings fail to "take" even though it is documented that reboot is not required. You might also clear your browser cache or try using an incognito session to make sure you aren't pulling up cached content.

As far as AnyConnect and ASDM interoperability, both can be accessed from the same address.

The FQDN corresponding to your IP address is used for AnyConnect. (There is the option of further specifying URL strings for individual connection profiles in lieu of the dropdown list but that's seldom used in my experience.)

If you allow ASDM ("http enable"... command) to that interface, you would further need to specify /admin after the FQDN if SSL VPN (AnyConnect-based) is also enabled for that interface. If there's no AnyConnect profile associated with the interface and ASDM is allowed, the ASA will redirect your address (without /admin) to include the string "admin/public/index.html".
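Added example, not part of the thread and not anyone's posted configuration: a Python check that reads a saved running-config, looks for the pieces listed in the first reply (client image, certificate bound to the interface, client services, connection profile, group policy) and applies the /admin rule from the reply above. The sample config, its object names and the check labels are constructed; the `svc` alternative is an assumption covering pre-8.4 syntax, and a differing port is assumed to give ASDM its own listener.

```python
import re

# Constructed sample: object and file names are placeholders, not taken from
# the poster's configuration. Uses the 8.4+ "anyconnect" keywords.
SAMPLE = """\
http server enable
http 192.0.2.0 255.255.255.0 outside
ssl trust-point EXAMPLE_TP outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-example.pkg 1
 anyconnect enable
group-policy EXAMPLE_GP internal
tunnel-group EXAMPLE_TG type remote-access
"""

def webvpn_block(config):
    """Sub-commands of the global 'webvpn' section (not per-group webvpn)."""
    sub, inside = [], False
    for line in config.splitlines():
        if line.rstrip() == "webvpn":
            inside = True
        elif inside and line.startswith(" "):
            sub.append(line.strip())
        else:
            inside = False
    return sub

def audit(config, iface="outside"):
    """Report prerequisites not found and the URL path ASDM answers on."""
    i = re.escape(iface)
    sub = webvpn_block(config)
    top = [l.rstrip() for l in config.splitlines() if l and not l.startswith(" ")]
    has = lambda pat, lines: any(re.fullmatch(pat, l) for l in lines)
    vpn_on = has(rf"enable {i}( .*)?", sub)
    checks = {
        "client image": has(r"(anyconnect|svc) image \S+.*", sub),
        "client services": has(r"(anyconnect|svc) enable", sub),
        "webvpn on interface": vpn_on,
        "certificate bound": has(rf"ssl trust-point \S+ {i}", top),
        "connection profile": has(r"tunnel-group \S+ type remote-access", top),
        "group policy": has(r"group-policy \S+ internal", top),
    }
    # ASDM and the portal share a listener only on the same interface and port.
    srv = next((l for l in top if l.startswith("http server enable")), None)
    asdm_port = int((srv.split() + ["443"])[3]) if srv else None
    vpn_port = next((int(l.split()[1]) for l in sub if re.fullmatch(r"port \d+", l)), 443)
    shared = vpn_on and asdm_port == vpn_port
    path = ("/admin" if shared else "/") if srv and has(rf"http \S+ \S+ {i}", top) else None
    return {"missing": [k for k, ok in checks.items() if not ok], "asdm_path": path}
```

Run `audit()` on the text of a saved `show running-config`; an empty `missing` list only means the lines are present, not that the certificate or image files are valid.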

Marvin, the reboot didn't fix the issue, which is disappointing. I have this firewall set up like my 5520. The inside and outside interface addresses will bring up the SSL VPN service page (log in, download the AC client) while the asdm page is the inside address followed by a high port number.

Even after the reboot, the asdm page is still showing 6.2(1) even though the bin file for it doesn't even exist on the device anymore! If for some reason that page shows the wrong version but really is running the right version, I'm not sure what the issue is.

Here's an updated sanitized config. At this point I'd be open to suggestions for commands to debug this if someone can't find the issue from the config supplied.

Thanks for the new copy of the config. I have looked at it and do not see obvious problems. I would like to be sure that I have a correct understanding of the current issue. Is it correct that now the AnyConnect VPN is working ok? Is it correct that ASDM will now run and show the ASA but indicates the wrong version?

 

HTH

 

Rick


Richard, the anyconnect VPN is working now. I can get to that SSL VPN Service login page and login now fine. I can get to the ASDM page (where you can download the ASDM client or run it in the browser) but no matter what option I choose I cannot connect in. Besides those two options, I can't connect in from another ASDM application I already have on my machine (Win 7). I have the ASDM software installed on my Win 8 machine and I tried there, it also wouldn't let me connect in.

@Marvin Rhoads and Richard, I have a similar issue using a Cisco ASA 5515-X. When I am connecting through Windows XP using IE8 I can connect and get to my remote local network, but when I use Windows 7 with IE11 it displays this message in my browser:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://x.x.x. again. If this error persists, contact your site administrator

@Medy, this looks like a separate issue from my issue as I can't even connect in with the ASDM program and my browser doesn't throw up those or any error messages.

Please start your own thread with the specifics of your case so someone can help you more accurately.