
not able to launch Cisco ASDM launcher

shibindong
Level 1

We have 2 FWs working in an active/active pattern: one is active for admin and passive for ctx1, another is active for ctx1 and passive for admin. We configured "admin" as the admin-context.

We can telnet/ssh to each context by using its IP address. The problem is that we are not able to access ctx1 using ASDM. We confirmed that the IOS and ASDM files are the same on both FWs.

What else can we do to make ctx1 accessible by ASDM?

5 Replies

owillins
Level 6

"show proc" and "show tcpstat": use the above commands and verify the lp bound to port 443. Or restart and try again.

mhoda
Level 5

Hello Bindong,

As promised, here is the response -

In Multi-Context Mode, you can directly access the other context as follows:

https://AdminCtxtIP/asdm_handler?context=ctxname

Bottom line is, you always need to access the other context through the admin context.

Hope this answers your question.

Regards,

Mynul

Thanks for your reply. I tried your URL and it returned "the webpage cannot be found".

From the log of the ASA, I found the following messages (172.16.3.50 is the client and 172.16.22.1 is the ASA):

SINFWL001/Ctx1# sh log | inc 172.16.3.50

%ASA-7-725008: SSL client inside:172.16.3.50/2012 proposes the following 11 cipher(s).

%ASA-7-725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client inside:172.16.3.50/2012

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2012

%ASA-6-725007: SSL session with client inside:172.16.3.50/2012 terminated.

%ASA-6-302014: Teardown TCP connection 49491063 for inside:172.16.3.50/2012 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 837 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491081 for inside:172.16.3.50/2015 (172.16.3.50/2015) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2015 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2015 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2015

%ASA-6-725007: SSL session with client inside:172.16.3.50/2015 terminated.

%ASA-6-302014: Teardown TCP connection 49491081 for inside:172.16.3.50/2015 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 283 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491082 for inside:172.16.3.50/2016 (172.16.3.50/2016) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2016 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2016 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2016

%ASA-6-725007: SSL session with client inside:172.16.3.50/2016 terminated.

%ASA-6-302014: Teardown TCP connection 49491082 for inside:172.16.3.50/2016 to NP Identity Ifc:172.16.22.1/443 duration 0:00:01 bytes 1326 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491091 for inside:172.16.3.50/2018 (172.16.3.50/2018) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2018 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2018 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2018

%ASA-6-605005: Login permitted from 172.16.3.50/2018 to inside:172.16.22.1/https for user "XXXXXX"

%ASA-6-725007: SSL session with client inside:172.16.3.50/2018 terminated.

%ASA-6-302014: Teardown TCP connection 49491091 for inside:172.16.3.50/2018 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 1219 TCP FINs

It looked like the session terminated after username authentication. I can use that username and password to telnet.
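The ASA messages quoted in the post above are easier to read when grouped per client connection. The following Python code is an added example, not part of the thread and not Cisco tooling: it groups those message IDs by client IP/port and lists sessions that negotiated a legacy protocol or cipher. The `LEGACY_*` lists are an assumed local policy, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the log lines quoted in the post above (two of the four connections).
SAMPLE = """\
%ASA-7-725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client inside:172.16.3.50/2012
%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2012
%ASA-6-302014: Teardown TCP connection 49491063 for inside:172.16.3.50/2012 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 837 TCP FINs
%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2018 for TLSv1 session.
%ASA-6-725003: SSL client inside:172.16.3.50/2018 request to resume previous session.
%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2018
%ASA-6-605005: Login permitted from 172.16.3.50/2018 to inside:172.16.22.1/https for user "XXXXXX"
%ASA-6-302014: Teardown TCP connection 49491091 for inside:172.16.3.50/2018 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 1219 TCP FINs
"""

CLIENT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")  # first ip/port in a message is the client
FIELDS = {  # message id -> (summary field, pattern capturing its value as text)
    "725001": ("protocol", r"for (\S+) session"),
    "725012": ("cipher", r"cipher : (\S+)"),
    "605005": ("login", r'for user "([^"]*)"'),
    "302014": ("bytes", r"bytes (\d+)"),
}
FLAGS = {"725003": "resumed", "725002": "handshake"}
# Assumed local policy (not from the thread): what counts as legacy TLS.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1"}
LEGACY_CIPHER_MARKERS = ("DES", "RC4", "NULL")

def summarize(text):
    """Group ASA syslog lines by client ip/port and summarize each TLS session."""
    sessions = defaultdict(lambda: dict(protocol=None, cipher=None, login=None,
                                        bytes=None, resumed=False, handshake=False))
    for raw in text.splitlines():
        m = re.search(r"%ASA-\d-(\d{6}): (.*)", raw)
        c = CLIENT.search(m.group(2)) if m else None
        if not c:
            continue  # not an ASA message, or no client endpoint in it
        msg_id, body, s = m.group(1), m.group(2), sessions[c.group(0)]
        if msg_id in FIELDS:
            field, pattern = FIELDS[msg_id]
            hit = re.search(pattern, body)
            s[field] = hit.group(1) if hit else None
        elif msg_id in FLAGS:
            s[FLAGS[msg_id]] = True
    return dict(sessions)

def legacy_tls(sessions):
    """Return (client, value) pairs for sessions that negotiated legacy TLS settings."""
    return [(c, v) for c, s in sessions.items() for v in (s["protocol"], s["cipher"])
            if v in LEGACY_PROTOCOLS or (v and any(k in v for k in LEGACY_CIPHER_MARKERS))]
```

For connection 172.16.3.50/2018 the summary shows a completed handshake and a permitted login, which places the failure after TLS and authentication.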

liaqath2k7
Level 1

You can access only one context from the ASDM at a time, because it is something like opening an HTTP session from your browser, which can only access one IP address that belongs to the context.

shibindong
Level 1

Thanks for all of your replies. I found the problem: it is a stupid mistake I have made. Thanks anyway!
