cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
429
Views
0
Helpful
2
Replies
Highlighted
Beginner

issues accessing ASDM after copying config

Hello,

 

In order to help speed up setup of a secondary ASA 5508, I verified that they were on the same firmware version, and backed up both the configurations from the working 5508.

 

From there, I edited the running config/startup-config to match the details for the secondary appliance (hostname, interface IPs, etc).

 

I ran into a bit of a wrinkle though. It appears I cannot log in to the secondary appliance via ASDM now. I reset login credentials, but what I'm concerned on is if I need to re-apply the strong encryption license or something along those lines? I'm confused as to what broke in the process of this. It's a lab environment so I'm not worried, but I want to get it rectified. I'm willing to post sanitized outputs as needed to help troubleshoot!

2 REPLIES 2
Highlighted
VIP Mentor

Hi,

You should check your configuration for commands starting "http...."

 

http server enable
aaa authentication http console LOCAL
http 192.168.10.0 0.0.0.255 INSIDE

 

The example above would enable http access and allow access from the network 192.168.10.0/24 on the INSIDE interface, using local authentication (you would need to define a local username on the ASA).


HTH

Highlighted
Cisco Employee

Hi,

 

Are you setting this up as part of ASA failover aka high availability or just a back up ASA to be used if needed and where you copy the configuration manually? 

 

if it is the first case no need to copy all the config, just put the failover config and it will replicate. while if it is the second case you need to follow this approach:

1- what error do you get when you try ADSM ?

2- are you able to load the ASA ASDM page via https in the browser and what error do you get ?

3- do packet captures on the ASA and check what level of exchange you have there :

capture capasdm interface [ifname-like-inside] match tcp any host ASA-address eq 443

test and then :

show cap capasdm

 

4- continue based on the results you get above. 

 

Content for Community-Ad