unable to launch asdm after asa8.0 upgrade

Answered Question
Nov 14th, 2008

i've just upgraded to asa 8.0 and ASDM6. Everything seems to be working fine except the ADSM. Any thoughts?

myasa01# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(5)51

Compiled on Thu 07-Aug-08 20:53 by builders

System image file is "disk0:/asa804-k8.bin"

myasa01# sh running-config management-access

management-access inside

myasa01# sh running-config asdm

asdm image disk0:/asdm-61551.bin

asdm history enable

myasa01# sh running-config http

http server enable

http 10.10.14.6 255.255.255.255 inside

myasa01# sh running-config access-group

access-group OutsideAllowedIn in interface outside

myasa01# dir flash:

Directory of disk0:/

115 -rwx 21986 18:35:08 Nov 12 2008 running-config.2008111201.cfg

117 -rwx 8294400 08:05:00 Dec 12 2006 asa721-25-k8.bin

118 -rwx 5539756 08:06:50 Dec 12 2006 asdm521.bin

119 -rwx 14137344 19:23:44 Nov 12 2008 asa804-k8.bin

121 -rwx 415956 10:34:02 Apr 10 2008 sslclient-win-1.1.4.176.pkg

123 -rwx 7605252 19:06:34 Nov 12 2008 asdm-61551.bin

124 -rwx 2154944 19:28:58 Nov 12 2008 anyconnect-win-2.2.0140-k9.pkg

###log entries###

Nov 14 2008 13:10:26 myasa01 : %ASA-3-710003: TCP access denied by ACL from 10.10.14.6/45666 to inside:10.10.14.2/443

Nov 14 2008 13:10:26 myasa01 : %ASA-7-710005: TCP request discarded from 10.10.14.6/45666 to inside:10.10.14.2/443

##Tracker results###

myasa01# packet-tracer input inside tcp 10.10.14.6 45663 10.10.14.2 443 detail

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b2570, priority=1, domain=permit, deny=false

hits=1132251, user_data=0x0, cs_id=0x0, l3_type=0x8

src mac=0000.0000.0000, mask=0000.0000.0000

dst mac=0000.0000.0000, mask=0000.0000.0000

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.2 255.255.255.255 identity

Phase: 4

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.0 255.255.255.0 inside

Phase: 5

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b27e0, priority=0, domain=permit, deny=true

hits=3515, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0

src ip=0.0.0.0, mask=0.0.0.0, port=0

dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

I have this problem too.
0 votes
Correct Answer by chaitu_kranthi about 8 years 2 weeks ago

Hi,

Device Manager Version 6.1(5)51 is having some issues,

The stable ASDM version for 8.0(4) was

6.0(3).

All the best.

Correct Answer by husycisco about 8 years 2 weeks ago

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)

Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
husycisco Sat, 11/15/2008 - 04:45

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)

Regards

reachonenetadm Sun, 11/16/2008 - 15:09

Rolling back to asdm6.0(3) and reloading was the key. Simply reloading or simply changing the asdm image wouldn't do it. Also, it's worth noting for posterity that:

1) removed the asdm configuration and the http configuration (clear configure httpd, clear configure asdm)

2) reloaded the device

3) configured the asdm image, the the httpd ACL then enabled the http server.

Thanks for you quick and thorough replies. The assist goes to chaitu_kranthi.

Correct Answer
chaitu_kranthi Sun, 11/16/2008 - 11:01

Hi,

Device Manager Version 6.1(5)51 is having some issues,

The stable ASDM version for 8.0(4) was

6.0(3).

All the best.

Actions

This Discussion