
ASDM issues


Post by Guest » Thu Jan 06, 2011 12:00 pm

Hello all,

 

I don't personally use the ASDM and so have little experience with it, but I need to get it working for others to perform basic admin duties.

 

I am running 8.05 and ASDM version 6.1(5) on all firewalls, and it is working without problem on 98/100. I have 2 firewalls that the ASDM will not load for. When browsing to the web page, I get the initial security warning regarding the certificate being potentially unsafe, but when I click "continue anyway" I immediately receive an HTTP 404 not found connecting to either the inside or outside interface.

 

The image location is set explicitly in the config, and the relevant statements are in the config allowing access from my management networks. SSL webvpn is not enabled on the device.

 

The config in place:

 

boot system disk0:/asa805-k8.bin
asdm image disk0:/asdm-615.bin

http server enable

http myexternalnetwork 255.255.255.0 outside

http myinternalnetwork 255.255.255.0 inside

 

Hostname# sh disk0:
--#--  --length--  -----date/time------  path
   79  8192        Aug 21 2008 12:45:18  crypto_archive
  148  13934592    Jan 18 2010 15:13:22  asa805-k8.bin
  151  1339056     Jan 18 2010 16:04:30  asdm-615.bin

 

 

management-access inside

 

In sh ver I do not see any Device Manager Image statement where it would usually be expected:

 

Hostnameg# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(5)

 

Compiled on Mon 02-Nov-09 21:22 by builders
System image file is "disk0:/asa805-k8.bin"
Config file at boot was "startup-config"

I have enabled logging, and can see the connection being established but it is immediately terminated:

 

Feb 05 2010 12:03:40: %ASA-6-302013: Built inbound TCP connection 18865 for outside:sourceIP/57225 (sourceIP/57225) to identity:destinationIP/443 (destinationIP/443)
Feb 05 2010 12:03:40: %ASA-6-725001: Starting SSL handshake with client outside:sourceIP/57225 for TLSv1 session.
Feb 05 2010 12:03:40: %ASA-6-725003: SSL client outside:sourceIP/57225 request to resume previous session.
Feb 05 2010 12:03:40: %ASA-6-725002: Device completed SSL handshake with client outside:sourceIP/57225
Feb 05 2010 12:03:40: %ASA-6-725007: SSL session with client outside:sourceIP/57225 terminated.
Feb 05 2010 12:03:40: %ASA-6-302013: Built inbound TCP connection 18867 for outside:sourceIP/57226 (sourceIP/57226) to identity:destinationIP/443
Feb 05 2010 12:03:40: %ASA-6-302014: Teardown TCP connection 18865 for outside:sourceIP/57225 to identity:destinationIP/443 duration 0:00:00 bytes 126 TCP Reset-I

I have tried changing the port used by using the following:

 

http server enable 8843

 

but the issue persists.

 

 

If anyone has any ideas on how to fix this issue please advise, because I am all out. I would prefer not to have to roll back either software version as I would like to have them all standardized on the same images, and the combination is working correctly everywhere else.

 

Many thanks in advance.

Guest
 


Re:ASDM issues

Post by Guest » Thu Jan 06, 2011 1:00 pm

Hi Gatling

 

Are you saying it works 98/100 times and just times out rarely, or that it doesn't work at all?

 

Regards

Raj

Guest
 

Re:ASDM issues

Post by Guest » Thu Jan 06, 2011 2:24 pm

What do

sh run ssl

and

sh run | i VPN-

say?

 

ASA# sh ver | i VPN-

VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
ASA# sh run ssl    
ssl encryption aes128-sha1 3des-sha1

 

Does it say the above?

 

-KS

Guest
 

Re:ASDM issues

Post by Guest » Thu Jan 06, 2011 3:41 pm

Verify your asdm-image. It looks too small...

 

Br Jimmy.

http://blogg.kvistofta.nu

Guest
 

Re:ASDM issues

Post by Guest » Thu Jan 06, 2011 5:20 pm

Thanks for all the replies.

 

Raj, I meant it works on 98/100 firewalls (99/100 now as I resolved the issue on another), but it never loads on this firewall.

 

KS, I don't see "ssl encryption aes128-sha1 3des-sha1" under sh run ssl, but I'm not sure this is required as Br Jimmy is spot on the money with the ASDM image size. Surprised I didn't notice that myself.

 

Thanks again for the help, much appreciated.

 

Chris

Guest
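Added example (not from the thread's participants or from Cisco): because the same images are deployed on every firewall, a short copy such as the 1339056-byte asdm-615.bin in the first post can be found by comparing `show disk0:` listings across the fleet. The hostnames and the peer size of 6000000 bytes are constructed placeholders, not real values.

```python
import re
from collections import Counter, defaultdict

# One row of `show disk0:` output: index, length in bytes, date/time, path.
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})\s+(\S+)\s*$")

def parse_show_disk(text):
    """Return {path: length_in_bytes}; header and prompt lines are skipped."""
    sizes = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            sizes[m.group(4)] = int(m.group(2))
    return sizes

def find_size_outliers(listings):
    """listings maps hostname -> `show disk0:` text.
    Returns (host, path, size, expected) for every file whose size differs
    from the size a strict majority of devices report for that file name."""
    by_file = defaultdict(dict)
    for host, text in listings.items():
        for path, size in parse_show_disk(text).items():
            by_file[path][host] = size
    findings = []
    for path, per_host in sorted(by_file.items()):
        expected, votes = Counter(per_host.values()).most_common(1)[0]
        if len(per_host) < 3 or votes <= len(per_host) // 2:
            continue  # too few devices, or no majority to compare against
        for host, size in sorted(per_host.items()):
            if size != expected:
                findings.append((host, path, size, expected))
    return findings

HEADER = "--#--  --length--  -----date/time------  path\n"
# Listing as posted in the thread.
PAGE_LISTING = HEADER + (
    "   79  8192        Aug 21 2008 12:45:18  crypto_archive\n"
    "  148  13934592    Jan 18 2010 15:13:22  asa805-k8.bin\n"
    "  151  1339056     Jan 18 2010 16:04:30  asdm-615.bin\n")
# Constructed: 6000000 is a placeholder for the size seen on working peers.
PEER_LISTING = PAGE_LISTING.replace("1339056 ", "6000000 ")
# Constructed hostnames.
SAMPLE = {"fw-broken": PAGE_LISTING, "fw-a": PEER_LISTING,
          "fw-b": PEER_LISTING, "fw-c": PEER_LISTING}

if __name__ == "__main__":
    for host, path, size, expected in find_size_outliers(SAMPLE):
        print(f"{host}: {path} is {size} bytes, fleet majority is {expected}")
```

A matching size does not prove the file is intact; comparing a hash of the image against the vendor's published value is the stronger check.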
 
