01-24-2014 03:55 PM
Cisco 5510
ASDM was working without issue, we had a power outage and now I can't connect using the ASDM. I can Telnet, just not ASDM.
Also IP-SEC VPN clients can connect, get an IP but that is it. They can't access the LAN, can't ping a device behind the ASA 5510.
Here is "show run" HELP ME PLEASE!!! I am at a loss, tried changing AAA, HTTP server and a few others....
ASDM says unable to launch device manager, I also tried on computers and tried removing my JAVA.
:
ASA Version 8.0(2)
!
hostname MtellCiscoASA
domain-name i-fac.com
enable password 12345 encrypted
names
name 69.199.150.237 Outside_PBX description SIP server outside
name 69.199.150.234 PAT_Port
name 172.16.1.30 DMZ_Datastream
name 172.16.1.31 DMZ_DatastreamUI description INFOR EAM v8
name 172.16.1.17 DMZ_DemoMtelligence description VS-17
name 172.16.1.15 DMZ_DevMtelligence
name 172.16.1.20 DMZ_Maximo
name 172.16.1.21 DMZ_MaximoUI description Maximo UI 6.2
name 172.16.1.40 DMZ_SAP
name 172.16.1.163 DMZ_VS73Q
name 172.16.1.14 DMZ_WebServer description DMZ-S14
name 172.16.1.60 DMZ_ManfToolkit
name 69.199.150.232 Outside_Datastream
name 69.199.150.228 Outside_Demo
name 69.199.150.229 Outside_Maximo
name 69.199.150.230 Outside_Mtelligence description Website and E-Mail
name 69.199.150.233 Outside_SAP
name 69.199.150.238 Outside_VPN
name 192.168.1.8 Inside_DC3
name 192.168.1.103 Inside_IFC-X description Exchange
name 192.168.1.164 Inside_Maximo
name 69.199.150.227 Outside_Exchange
name 208.65.144.0 McAffee_Inbound1
name 208.81.64.0 McAffee_Inbound2
name 208.65.144.245 McAfee_Inbound description Primary
name 172.16.1.200 DMZ_SonicWall description Internal SonicWall Gateway
name 69.199.150.236 Outside_SonicWall description Outside port for SonicWall
name 172.16.1.137 DMZ_103 description VS-103
name 69.199.150.231 Outside_SAPTest
name 172.16.1.4 DMZ_SAPTest
name 192.168.1.72 Inside_SAPTest description Internal SAP
name 172.16.1.72 DMZ_SAPTest_Relay
name 192.168.1.119 Inside_ADT description ADT Appliance
name 192.168.1.145 Inside_Mtell-DC1 description RRAS VPN
name 10.10.10.15 Inside_PBX description SIP server
name 10.10.10.20 RRAS description RRAS
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 69.199.150.226 255.255.255.240
ospf cost 10
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.10.10.254 255.255.248.0
ospf cost 10
!
interface Ethernet0/1.1
description NEWGW
shutdown
vlan 1
nameif NEWGW
security-level 100
no ip address
ospf cost 10
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
nameif dmz
security-level 50
ip address 172.16.1.1 255.255.255.0
ospf cost 10
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.0.1 255.255.255.0
ospf cost 10
management-only
!
passwd Gb0OtgUy470QZJRV encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name i-fac.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service PBX tcp
description PBX Server
port-object eq https
port-object eq sip
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp
service-object tcp eq https
object-group service DM_INLINE_SERVICE_2
service-object gre
service-object tcp eq pptp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq rtsp
object-group service DM_INLINE_TCP_2 tcp
port-object eq 7001
port-object eq www
object-group network DM_INLINE_NETWORK_1
network-object McAffee_Inbound1 255.255.255.0
network-object host McAfee_Inbound
network-object host McAffee_Inbound2
object-group service DM_INLINE_SERVICE_3
service-object gre
service-object tcp eq 9060
service-object tcp eq 9080
service-object tcp eq pptp
object-group service DM_INLINE_UDP_1 udp
port-object eq domain
port-object eq ntp
object-group network new__inside
network-object 10.10.8.0 255.255.248.0
object-group network new
group-object new__inside
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp host Inside_IFC-X any eq smtp inactive
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 10.10.8.0 255.255.248.0
access-list inside_nat0_outbound extended permit ip any 172.16.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any object-group new__inside
access-list inside_nat0_outbound extended permit ip 10.10.8.0 255.255.248.0 192.168.100.0 255.255.255.0
access-list 101 extended permit object-group DM_INLINE_SERVICE_3 any host Outside_SonicWall inactive
access-list 101 extended permit tcp any host Outside_Datastream object-group DM_INLINE_TCP_1
access-list 101 extended permit udp any host Outside_Datastream object-group DM_INLINE_UDP_1
access-list 101 extended permit tcp any host Outside_Demo eq www
access-list 101 extended permit tcp any host Outside_Maximo object-group DM_INLINE_TCP_2
access-list 101 extended permit tcp any host Outside_SAP eq www
access-list 101 extended permit tcp any host Outside_SAP eq 8000
access-list 101 extended permit tcp any host Outside_PBX eq https
access-list 101 extended permit udp any host Outside_PBX eq sip
access-list 101 extended permit udp any host Outside_PBX eq 4569
access-list 101 extended permit udp any host Outside_PBX range 10000 20000
access-list 101 extended permit tcp any host Outside_Exchange eq https inactive
access-list 101 extended permit tcp object-group DM_INLINE_NETWORK_1 host Outside_Exchange eq smtp inactive
access-list 101 extended permit tcp any host Outside_Exchange eq imap4 inactive
access-list 101 extended permit tcp any host Outside_Mtelligence eq www
access-list 101 extended permit tcp any host Outside_Mtelligence eq 7001
access-list 101 extended permit object-group DM_INLINE_SERVICE_2 any host Outside_VPN
access-list 101 extended permit tcp any host Outside_Exchange eq smtp inactive
access-list 101 extended permit tcp any host Outside_SAPTest eq www
access-list 101 extended permit tcp any host Outside_SAPTest eq 8002
access-list 101 extended permit tcp any host Outside_SAPTest eq 50000
access-list global_mpc extended permit object-group DM_INLINE_SERVICE_1 any any inactive
access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 50000
access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 8002
access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 800
access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest eq 802
access-list dmz_access_in extended permit tcp host DMZ_SAP host Inside_SAPTest range 3300 3399
access-list dmz_access_in extended permit ip 10.10.8.0 255.255.248.0 172.16.1.0 255.255.255.0
access-list MTEL2013_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list MTEL2013_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
access-list inside02_nat0_outbound extended permit ip any 10.10.8.0 255.255.248.0
access-list MTELL_2014_splitTunnelAcl standard permit 10.10.8.0 255.255.248.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu NEWGW 1500
mtu dmz 1500
mtu management 1500
ip local pool vpn_dhcp 192.168.1.245-192.168.1.250 mask 255.255.255.0
ip local pool VPN_DHCP02 192.168.1.25-192.168.1.29 mask 255.255.255.0
ip local pool MTEL2013 192.168.100.100-192.168.100.150 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp Outside_Demo www DMZ_ManfToolkit www netmask 255.255.255.255
static (dmz,outside) tcp Outside_Maximo www DMZ_Maximo www netmask 255.255.255.255
static (dmz,outside) tcp Outside_Maximo 7001 DMZ_MaximoUI 7001 netmask 255.255.255.255
static (dmz,outside) tcp Outside_SAP www DMZ_SAP www netmask 255.255.255.255
static (dmz,outside) tcp Outside_SAP 8000 DMZ_103 8000 netmask 255.255.255.255
static (inside,outside) tcp Outside_Mtelligence 7001 Inside_Maximo 7001 netmask 255.255.255.255
static (inside,outside) tcp Outside_Exchange smtp Inside_IFC-X smtp netmask 255.255.255.255
static (inside,outside) tcp Outside_Exchange https Inside_IFC-X https netmask 255.255.255.255
static (inside,outside) tcp Outside_Exchange imap4 Inside_IFC-X imap4 netmask 255.255.255.255
static (dmz,outside) Outside_SonicWall DMZ_SonicWall netmask 255.255.255.255
static (inside,outside) Outside_Datastream 192.168.1.159 netmask 255.255.255.255
static (inside,outside) Outside_PBX Inside_PBX netmask 255.255.255.255
static (inside,outside) Outside_VPN RRAS netmask 255.255.255.255
static (inside,dmz) Inside_SAPTest Inside_SAPTest netmask 255.255.255.255
static (inside,dmz) DMZ_WebServer RRAS netmask 255.255.255.255
access-group 101 in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 69.199.150.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAPSERVERS protocol ldap
aaa-server LDAPSERVERS host RRAS
ldap-base-dn dc=i-fac,dc=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn cn=mdalton,ou=ifac,dc=i-fac,dc=com
server-type microsoft
aaa-server LDAPServer protocol ldap
max-failed-attempts 5
aaa-server LDAPServer host RRAS
ldap-base-dn DC=i-fac,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccount
ldap-login-password *
ldap-login-dn CN=asaldap,OU=users,DC=i-fac,DC=COM
server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 10.10.8.0 255.255.248.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.10.8.0 255.255.248.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.10.8.0 255.255.248.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 66.180.96.12 64.238.96.12 interface inside
dhcpd domain i-fac.com interface inside
!
dhcpd address 192.168.0.2-192.168.0.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match access-list global_mpc
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
webvpn
enable outside
svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1
svc enable
group-policy VPN_GRP internal
group-policy VPN_GRP attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy MTELL_2014 internal
group-policy MTELL_2014 attributes
dns-server value 10.10.10.20 10.10.10.25
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value MTELL_2014_splitTunnelAcl
default-domain value i-fac.com
username prahilly password 01D0d5JaDfCcbuxx encrypted privilege 15
username Admin password MhLn41kUsHw2C9YS encrypted privilege 15
username administrator password pxgz9UlSoRCMKFo2 encrypted privilege 15
username eberon password uvyVtrP8tQUOWfwz encrypted privilege 15
username mdalton password V.V8xIAuILpTtp5t encrypted
username ciscoasaadmin password ue7Ub/MwEYLjOq5b encrypted privilege 15
tunnel-group SSL_VPN type remote-access
tunnel-group SSL_VPN general-attributes
address-pool MTEL2013
default-group-policy VPN_GRP
tunnel-group MTELL_2014 type remote-access
tunnel-group MTELL_2014 general-attributes
address-pool MTEL2013
authentication-server-group LDAPSERVERS LOCAL
default-group-policy MTELL_2014
tunnel-group MTELL_2014 ipsec-attributes
pre-shared-key *
prompt hostname context
Cryptochecksum:726351f1917bd6cc222e1d8f1d6a9b46
: end
MtellCiscoASA#
01-25-2014 02:35 PM
Hello Mathew,
From where are you trying to ASDM to the ASA?
Please provide the Client IP address and the IP address you are typing on your browser?
Also provide
show flash (I wanna see the ASDM.bin image)
Show run all ssl
Let's fix first the ASDM Issue.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
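
The client IP requested in the reply matters because the ASA accepts ASDM (HTTPS) sessions only from sources matched by its `http <network> <mask> <interface>` lines, which are separate from the `telnet` and `ssh` lists. The following is an added example, not code from either poster: it parses the management-access lines copied from the posted config and reports which services a given source address may reach. The function names and the client addresses in the usage are constructed for illustration.

```python
import ipaddress

# Management-access lines copied from the "show run" posted above.
CONFIG = """\
asdm image disk0:/asdm-602.bin
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 10.10.8.0 255.255.248.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.10.8.0 255.255.248.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.10.8.0 255.255.248.0 inside
"""

def parse_mgmt_access(config):
    """Collect per-service (network, interface) rules and ASDM prerequisites."""
    rules = {"http": [], "telnet": [], "ssh": []}
    flags = {"http_server": False, "asdm_image": None}
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:3] == ["http", "server", "enable"]:
            flags["http_server"] = True
        elif tok[:2] == ["asdm", "image"] and len(tok) == 3:
            flags["asdm_image"] = tok[2]
        elif tok[0] in rules and len(tok) == 4:
            try:  # "<svc> <network> <netmask> <interface>"
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask pair (e.g. a "name" alias)
            rules[tok[0]].append((net, tok[3]))
    return rules, flags

def allowed_services(config, client_ip):
    """Return ({service: [interfaces that accept client_ip]}, flags)."""
    rules, flags = parse_mgmt_access(config)
    ip = ipaddress.ip_address(client_ip)
    result = {svc: sorted({ifname for net, ifname in entries if ip in net})
              for svc, entries in rules.items()}
    if not flags["http_server"]:
        result["http"] = []  # ASDM is unreachable without "http server enable"
    return result, flags

if __name__ == "__main__":
    # Constructed client addresses: inside LAN, management net, VPN pool MTEL2013.
    for client in ("10.10.10.50", "192.168.0.10", "192.168.100.120"):
        print(client, allowed_services(CONFIG, client)[0])
```

For this config, any inside address permitted for Telnet is also permitted for `http`, while an address from the MTEL2013 VPN pool (192.168.100.0/24) matches none of the three lists.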