lose connection with the ASDM

westcoastpc
Level 1

Cisco 5510

ASDM was working without issue, we had a power outage and now I can't connect using the ASDM. I can Telnet, just not ASDM.

Also IP-SEC VPN clients can connect, get an IP but that is it. They can't access the LAN, can't ping a device behind the ASA 5510.

Here is "show run". HELP ME PLEASE!!! I am at a loss, tried changing AAA, HTTP server and a few others....

ASDM says unable to launch device manager, I also tried on computers and tried removing my Java.

:

ASA Version 8.0(2)

!

hostname MtellCiscoASA

domain-name i-fac.com

enable password 12345 encrypted

names

name 69.199.150.237 Outside_PBX description SIP server outside

name 69.199.150.234 PAT_Port

name 172.16.1.30 DMZ_Datastream

name 172.16.1.31 DMZ_DatastreamUI description INFOR EAM v8

name 172.16.1.17 DMZ_DemoMtelligence description VS-17

name 172.16.1.15 DMZ_DevMtelligence

name 172.16.1.20 DMZ_Maximo

name 172.16.1.21 DMZ_MaximoUI description Maximo UI 6.2

name 172.16.1.40 DMZ_SAP

name 172.16.1.163 DMZ_VS73Q

name 172.16.1.14 DMZ_WebServer description DMZ-S14

name 172.16.1.60 DMZ_ManfToolkit

name 69.199.150.232 Outside_Datastream

name 69.199.150.228 Outside_Demo

name 69.199.150.229 Outside_Maximo

name 69.199.150.230 Outside_Mtelligence description Website and E-Mail

name 69.199.150.233 Outside_SAP

name 69.199.150.238 Outside_VPN

name 192.168.1.8 Inside_DC3

name 192.168.1.103 Inside_IFC-X description Exchange

name 192.168.1.164 Inside_Maximo

name 69.199.150.227 Outside_Exchange

name 208.65.144.0 McAffee_Inbound1

name 208.81.64.0 McAffee_Inbound2

name 208.65.144.245 McAfee_Inbound description Primary

name 172.16.1.200 DMZ_SonicWall description Internal SonicWall Gateway

name 69.199.150.236 Outside_SonicWall description Outside port for SonicWall

name 172.16.1.137 DMZ_103 description VS-103

name 69.199.150.231 Outside_SAPTest

name 172.16.1.4 DMZ_SAPTest

name 192.168.1.72 Inside_SAPTest description Internal SAP

name 172.16.1.72 DMZ_SAPTest_Relay

name 192.168.1.119 Inside_ADT description ADT Appliance

name 192.168.1.145 Inside_Mtell-DC1 description RRAS VPN

name 10.10.10.15 Inside_PBX description SIP server

name 10.10.10.20 RRAS description RRAS

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 69.199.150.226 255.255.255.240

ospf cost 10

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.10.10.254 255.255.248.0

ospf cost 10

!

interface Ethernet0/1.1

description NEWGW

shutdown

vlan 1

nameif NEWGW

security-level 100

no ip address

ospf cost 10

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

nameif dmz

security-level 50

ip address 172.16.1.1 255.255.255.0

ospf cost 10

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.0.1 255.255.255.0

ospf cost 10

management-only

!

passwd Gb0OtgUy470QZJRV encrypted

boot system disk0:/asa802-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name i-fac.com

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group service PBX tcp

description PBX Server

port-object eq https

port-object eq sip

object-group service DM_INLINE_SERVICE_1

service-object ip

service-object tcp

service-object tcp eq https

object-group service DM_INLINE_SERVICE_2

service-object gre

service-object tcp eq pptp

object-group service DM_INLINE_TCP_1 tcp

port-object eq www

port-object eq https

port-object eq rtsp

object-group service DM_INLINE_TCP_2 tcp

port-object eq 7001

port-object eq www

object-group network DM_INLINE_NETWORK_1

network-object McAffee_Inbound1 255.255.255.0

network-object host McAfee_Inbound

network-object host McAffee_Inbound2

object-group service DM_INLINE_SERVICE_3

service-object gre

service-object tcp eq 9060

service-object tcp eq 9080

service-object tcp eq pptp

object-group service DM_INLINE_UDP_1 udp

port-object eq domain

port-object eq ntp

object-group network new__inside

network-object 10.10.8.0 255.255.248.0

object-group network new

group-object new__inside

access-list inside_access_in extended permit ip any any

access-list inside_access_in extended permit tcp host Inside_IFC-X any eq smtp inactive

access-list inside_access_in extended deny tcp any any eq smtp

access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 10.10.8.0 255.255.248.0

access-list inside_nat0_outbound extended permit ip any 172.16.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any object-group new__inside

access-list inside_nat0_outbound extended permit ip 10.10.8.0 255.255.248.0 192.168.100.0 255.255.255.0

access-list 101 extended permit object-group DM_INLINE_SERVICE_3 any host Outside_SonicWall inactive

access-list 101 extended permit tcp any host Outside_Datastream object-group DM_INLINE_TCP_1

access-list 101 extended permit udp any host Outside_Datastream object-group DM_INLINE_UDP_1

access-list 101 extended permit tcp any host Outside_Demo eq www

access-list 101 extended permit tcp any host Outside_Maximo object-group DM_INLINE_TCP_2

access-list 101 extended permit tcp any host Outside_SAP eq www

access-list 101 extended permit tcp any host Outside_SAP eq 8000

access-list 101 extended permit tcp any host Outside_PBX eq https

access-list 101 extended permit udp any host Outside_PBX eq sip

access-list 101 extended permit udp any host Outside_PBX eq 4569

access-list 101 extended permit udp any host Outside_PBX range 10000 20000

access-list 101 extended permit tcp any host Outside_Exchange eq https inactive

access-list 101 extended permit tcp object-group DM_INLINE_NETWORK_1 host Outside_Exchange eq smtp inactive

access-list 101 extended permit tcp any host Outside_Exchange eq imap4 inactive

access-list 101 extended permit tcp any host Outside_Mtelligence eq www

access-list 101 extended permit tcp any host Outside_Mtelligence eq 7001

access-list 101 extended permit object-group DM_INLINE_SERVICE_2 any host Outside_VPN

access-list 101 extended permit tcp any host Outside_Exchange eq smtp inactive

access-list 101 extended permit tcp any host Outside_SAPTest eq www

access-list 101 extended permit tcp any host Outside_SAPTest eq 8002

access-list 101 extended permit tcp any host Outside_SAPTest eq 50000

access-list global_mpc extended permit object-group DM_INLINE_SERVICE_1 any any inactive

access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 50000

access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 8002

access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 800

access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 802

access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest range 3300 3399

access-list dmz_access_in extended permit ip 10.10.8.0 255.255.248.0 172.16.1.0 255.255.255.0

access-list MTEL2013_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0

access-list MTEL2013_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0

access-list inside02_nat0_outbound extended permit ip any 10.10.8.0 255.255.248.0

access-list MTELL_2014_splitTunnelAcl standard permit 10.10.8.0 255.255.248.0

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu NEWGW 1500

mtu dmz 1500

mtu management 1500

ip local pool vpn_dhcp 192.168.1.245-192.168.1.250 mask 255.255.255.0

ip local pool VPN_DHCP02 192.168.1.25-192.168.1.29 mask 255.255.255.0

ip local pool MTEL2013 192.168.100.100-192.168.100.150 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

global (dmz) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (dmz,outside) tcp Outside_Demo www DMZ_ManfToolkit www netmask 255.255.255.255

static (dmz,outside) tcp Outside_Maximo www DMZ_Maximo www netmask 255.255.255.255

static (dmz,outside) tcp Outside_Maximo 7001 DMZ_MaximoUI 7001 netmask 255.255.255.255

static (dmz,outside) tcp Outside_SAP www DMZ_SAP www netmask 255.255.255.255

static (dmz,outside) tcp Outside_SAP 8000 DMZ_103 8000 netmask 255.255.255.255

static (inside,outside) tcp Outside_Mtelligence 7001 Inside_Maximo 7001 netmask 255.255.255.255

static (inside,outside) tcp Outside_Exchange smtp Inside_IFC-X smtp netmask 255.255.255.255

static (inside,outside) tcp Outside_Exchange https Inside_IFC-X https netmask 255.255.255.255

static (inside,outside) tcp Outside_Exchange imap4 Inside_IFC-X imap4 netmask 255.255.255.255

static (dmz,outside) Outside_SonicWall DMZ_SonicWall netmask 255.255.255.255

static (inside,outside) Outside_Datastream 192.168.1.159 netmask 255.255.255.255

static (inside,outside) Outside_PBX Inside_PBX netmask 255.255.255.255

static (inside,outside) Outside_VPN RRAS netmask 255.255.255.255

static (inside,dmz) Inside_SAPTest Inside_SAPTest netmask 255.255.255.255

static (inside,dmz) DMZ_WebServer RRAS netmask 255.255.255.255

access-group 101 in interface outside

access-group inside_access_in in interface inside

access-group dmz_access_in in interface dmz

route outside 0.0.0.0 0.0.0.0 69.199.150.225 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa-server LDAPSERVERS protocol ldap

aaa-server LDAPSERVERS host RRAS

ldap-base-dn dc=i-fac,dc=com

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password *

ldap-login-dn cn=mdalton,ou=ifac,dc=i-fac,dc=com

server-type microsoft

aaa-server LDAPServer protocol ldap

max-failed-attempts 5

aaa-server LDAPServer host RRAS

ldap-base-dn DC=i-fac,DC=com

ldap-scope subtree

ldap-naming-attribute sAMAccount

ldap-login-password *

ldap-login-dn CN=asaldap,OU=users,DC=i-fac,DC=COM

server-type microsoft

aaa authentication ssh console LOCAL

aaa authentication telnet console LOCAL

aaa authentication http console LOCAL

http server enable

http 192.168.0.0 255.255.255.0 management

http 192.168.1.0 255.255.255.0 inside

http 10.10.8.0 255.255.248.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

no crypto isakmp nat-traversal

telnet 192.168.1.0 255.255.255.0 inside

telnet 10.10.8.0 255.255.248.0 inside

telnet timeout 5

ssh 192.168.1.0 255.255.255.0 inside

ssh 10.10.8.0 255.255.248.0 inside

ssh timeout 5

console timeout 0

dhcpd dns 66.180.96.12 64.238.96.12 interface inside

dhcpd domain i-fac.com interface inside

!

dhcpd address 192.168.0.2-192.168.0.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match access-list global_mpc

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

!

service-policy global_policy global

webvpn

enable outside

svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1

svc enable

group-policy VPN_GRP internal

group-policy VPN_GRP attributes

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

group-policy MTELL_2014 internal

group-policy MTELL_2014 attributes

dns-server value 10.10.10.20 10.10.10.25

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value MTELL_2014_splitTunnelAcl

default-domain value i-fac.com

username prahilly password 01D0d5JaDfCcbuxx encrypted privilege 15

username Admin password MhLn41kUsHw2C9YS encrypted privilege 15

username administrator password pxgz9UlSoRCMKFo2 encrypted privilege 15

username eberon password uvyVtrP8tQUOWfwz encrypted privilege 15

username mdalton password V.V8xIAuILpTtp5t encrypted

username ciscoasaadmin password ue7Ub/MwEYLjOq5b encrypted privilege 15

tunnel-group SSL_VPN type remote-access

tunnel-group SSL_VPN general-attributes

address-pool MTEL2013

default-group-policy VPN_GRP

tunnel-group MTELL_2014 type remote-access

tunnel-group MTELL_2014 general-attributes

address-pool MTEL2013

authentication-server-group LDAPSERVERS LOCAL

default-group-policy MTELL_2014

tunnel-group MTELL_2014 ipsec-attributes

pre-shared-key *

prompt hostname context

Cryptochecksum:726351f1917bd6cc222e1d8f1d6a9b46

: end

MtellCiscoASA#

Julio Carvajal
VIP Alumni

Hello Mathew,

From where are you trying to ASDM to the ASA?

Please provide the Client IP address and the IP address you are typing on your browser?

Also provide

show flash (I wanna see the ASDM.bin image)

Show run all ssl

Let's fix first the ASDM Issue.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
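
The client IP address and the address typed into the browser matter because the ASA accepts ASDM (HTTPS) sessions only from sources that match an `http <network> <mask> <interface>` entry, and only on that named interface. The following is an added example, not part of the original thread: it checks a client address against the `http` and interface lines copied from the posted "show run". The client addresses passed in are constructed, and `parse` and `asdm_targets` are hypothetical helper names.

```python
import ipaddress

# Lines copied from the "show run" in the question (interface addresses and
# the ASDM/HTTPS allow-list only).
CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 10.10.10.254 255.255.248.0
interface Management0/0
 nameif management
 ip address 192.168.0.1 255.255.255.0
http server enable
http 192.168.0.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 10.10.8.0 255.255.248.0 inside
"""

def parse(config):
    """Return (http_enabled, {nameif: interface address}, [(network, nameif)])."""
    enabled, ifaces, rules, nameif = False, {}, [], None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if w[0] == "interface":
            nameif = None                      # new interface block starts
        elif w[0] == "nameif":
            nameif = w[1]
        elif w[:2] == ["ip", "address"] and nameif:
            ifaces[nameif] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:3] == ["http", "server", "enable"]:
            enabled = True
        elif w[0] == "http" and len(w) == 4:   # http <net> <mask> <nameif>
            rules.append((ipaddress.ip_network(f"{w[1]}/{w[2]}"), w[3]))
    return enabled, ifaces, rules

def asdm_targets(client_ip, config=CONFIG):
    """For one client, list (nameif, ASA address to browse to, client_on_link)."""
    enabled, ifaces, rules = parse(config)
    client = ipaddress.ip_address(client_ip)
    if not enabled:
        return []
    return [(name, str(ifaces[name].ip), client in ifaces[name].network)
            for net, name in rules if client in net and name in ifaces]

if __name__ == "__main__":
    for ip in ("10.10.10.50", "192.168.1.50", "192.168.0.10", "172.16.1.5"):
        print(ip, asdm_targets(ip))
```

An empty result means no `http` entry admits that source. A `False` in the last field means the entry matches but the client is not in the subnet configured on that interface, as with the `192.168.1.0` entry against the current inside address.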