cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7451
Views
0
Helpful
10
Replies

ASDM is asking for Authentication

reagentom
Level 1
Level 1

I have upgrade my Pix515E from IOS 6.2 to 8.0, and ASDM to version 602

when I am accessing the ASDM through java site or through the client sw it's asking for Authentication

Authentication is required

please login to authenticate to pix_ip

I don't have any authentication seted on the pix.

any ideas ??

1 Accepted Solution

Accepted Solutions

If you can telnet into the PIX, then just create a username with privilege level 15 and then try to use that to access the ASDM.

I think that solves your problem.

username X privilege 15 secret Y

View solution in original post

10 Replies 10

JORGE RODRIGUEZ
Level 10
Level 10

Ahmed, the asdm authentication is the same as before upgrade by using enable password to access fw.

if you have not setup enable password console to pix and set one up

e.g

pix(config)#enable password xxxxx

Jorge Rodriguez

Hi jorge

I have enable password, but it's working like that

when run ASDM it will ask for password to pix then I will enter the enable password. it will accept it then another window will come asking please enter password for authentication.

It should still be the enable password.

That has to do with the Java thingy and certificates that makes you put the same password twice.

Let me know if it helps.

no it doesn't accept the enable password

Can you share the config with us?

From the top of my head, if you have not configured any authentication on the PIX, then it should be something like username cisco and password cisco (or user pix and pass cisco).

In adition to Paulo's comments, can you authenticate at all when you telnet to pix or console to it? if you can get in pix enable mode via console or telnet the enable password is there, so I would think it would have to do with Java as Paulo indicated, can you use another PC to https to pix, it would be odd that enable password would have changed in the upgrade process but worth give it a try as anything is possible.

Jorge Rodriguez

No jorge, enable password is working fine through the consol and telnet, even through ASDM also it's accepting the enable password then after that it's asking for this magic authentication password !!

I will try it with another pc and let us see how is it.

PIX Version 8.0(2)

!

hostname PIX

domain-name Mecit.edu.om

enable password xxxx

names

name 10.2.2.3 ex1

name 192.168.101.0 ex323

name 10.2.0.0 ex2

name 192.168.101.4 exxx

name 192.168.101.3 xxxxx

name 192.168.101.5 xxxxx

name 192.168.101.10 xxxx

name 10.2.2.254 xxxxx

name 192.168.101.11 xxxxxx

dns-guard

!

interface Ethernet0

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.240

!

interface Ethernet1

nameif inside

security-level 100

ip address 192.168.101.2 255.255.255.0

!

passwd xxx

boot system flash:/pix802.bin

ftp mode passive

dns server-group DefaultDNS

domain-name xxx.com

access-list inside_access_in extended permit ip Server_Network 255.255.0.0 any

access-list inside_access_in extended permit ip host xxxxx any

access-list inside_access_in extended permit ip host xxxxx any

access-list outside_access_in extended permit tcp any host x.x.x.x

access-list outside_access_in extended permit tcp any host x.x.x.x

access-list outside_access_in extended permit tcp any host x.x.x.x

pager lines 24

logging enable

logging asdm-buffer-size 512

logging asdm warnings

mtu outside 1500

mtu inside 1500

ip verify reverse-path interface outside

ip verify reverse-path interface inside

ip audit attack action alarm drop

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image flash:/asdm-602.bin

asdm history enable

arp timeout 14400

nat-control

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) x.x.x.x

x.x.x.x netmask 255.255.255.255

static (inside,outside)x.x.x.x

x.com netmask 255.255.255.255

static (inside,outside) x.x.x.x XX

netmask 255.255.255.255

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 X.X.X.X

route inside XXXX 255.255.0.0 192.168.101.1 1

route inside ExchSVR 255.255.255.255 192.168.101.1 1

route inside AHMED 255.255.255.255 192.168.101.1 1

route inside XXX 255.255.255.255 192.168.111.1 1

route inside XX 255.255.255.255 192.168.101.1 1

route inside XXX 255.255.255.255 192.168.101.1 1

route inside XXX 255.255.255.255 192.168.101.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http XXX 255.255.255.255 inside

http XXXX 255.255.255.255 inside

http Ahmed 255.255.255.255 inside

http XXX 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp authentication linkup linkdown coldstart

no sysopt connection permit-vpn

no crypto isakmp nat-traversal

telnet 255.255.255.255 inside

telnet timeout 5

ssh timeout 5

ssh version 1

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns migrated_dns_map_1

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect ftp

inspect h323 h225

inspect h323 ras

inspect http

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

tftp-server inside TFTP C:\TFTP-Root

prompt hostname context

Cryptochecksum:xxx

: end

If you can telnet into the PIX, then just create a username with privilege level 15 and then try to use that to access the ASDM.

I think that solves your problem.

username X privilege 15 secret Y

good post pjhenriqs .. thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: