06-05-2008 06:38 PM - edited 03-09-2019 08:51 PM
we have 2 firewalls, which grouped together as active/active failover pattern with 2 contexts: admin and Ctx1: we are able to launch asdm either by ASDM launcher or web based for FW1, which is active for admin, but when we tried launching fw2 which is active for Ctx1, we received a error message:the device does not have the appropriate Device Manager image installed. ASDM Launcher supports ASDM 5.0 or higher."
But when I console into every firewall: I saw the ASDM version is 521 for every FW:
10 -rw- 8202240 00:05:14 Jan 01 2003 asa721-k8.bin
11 -rw- 1868412 00:05:40 Jan 01 2003 securedesktop-asa-3.1.1.29-k9.pkg
12 -rw- 398305 00:05:54 Jan 01 2003 sslclient-win-1.1.0.154.pkg
13 -rw- 5539756 07:35:10 Dec 12 2006 asdm-521.bin
16 -rw- 1926 20:53:14 Feb 04 2007 old_running.cfg
17 -rw- 19772 00:57:00 Jun 05 2008 admin.cfg
18 -rw- 1509 23:12:18 Feb 04 2007 Ctx1.cfg
19 -rw- 20012 01:00:36 Jun 05 2008 ctx.cfg
I donot think it is ASDM version issue, i think it is because of context issue, when I changed to different context I got different result:
admin:
SINFWL001/admin# sh asdm ?
history Show contents of Device Manager history buffer
log_sessions Show current Device Manager logging sessions
sessions Show current Device Manager sessions
SINFWL001/admin# sh asdm his
SINFWL001/admin# sh version
Cisco Adaptive Security Appliance Software Version 7.2(1) <context>
Compiled on Wed 31-May-06 14:45 by root
SINFWL001 up 279 days 22 hours
failover cluster up 279 days 22 hours
Hardware: ASA5520-K8, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0 : address is 000a.b89c.e1f6, irq 9
1: Ext: GigabitEthernet0/1 : address is 000a.b89c.e1f7, irq 9
2: Ext: GigabitEthernet0/2 : address is 000a.b89c.e1f8, irq 9
3: Ext: GigabitEthernet0/3 : address is 000a.b89c.e1f9, irq 9
4: Ext: Management0/0 : address is 000a.b89c.e1fa, irq 11
5: Int: Not licensed : irq 11
6: Int: Not licensed : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1xxxxxx
Running Activation Key: 0xad222b69 0x847111d2 0xfce31da0 0xa7c080d0 0x4bsss6b0
Configuration register is 0x1
Configuration last modified by enable_1 at 00:56:50.297 UTC Thu Jun 5 2008
while in Ctx1:
SINFWL001/Ctx1(config)# sh ver
Cisco Adaptive Security Appliance Software Version 7.2(1) <context>
Compiled on Wed 31-May-06 14:45 by root
SINFWL001 up 279 days 22 hours
failover cluster up 279 days 22 hours
Hardware: ASA5520-K8
Licensed features for this user context:
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
GTP/GPRS : Disabled
Configuration last modified by JMHfzco at 01:00:27.935 UTC Thu Jun 5 2008
how can i use ASDM for Ctx1?
06-05-2008 07:26 PM
And I found the admin-context is admin.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide