unable to launch asdm after asa8.0 upgrade

Answered Question
Nov 14th, 2008
User Badges:

i've just upgraded to asa 8.0 and ASDM6. Everything seems to be working fine except the ADSM. Any thoughts?


myasa01# sh ver


Cisco Adaptive Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(5)51


Compiled on Thu 07-Aug-08 20:53 by builders

System image file is "disk0:/asa804-k8.bin"


myasa01# sh running-config management-access

management-access inside


myasa01# sh running-config asdm

asdm image disk0:/asdm-61551.bin

asdm history enable


myasa01# sh running-config http

http server enable

http 10.10.14.6 255.255.255.255 inside


myasa01# sh running-config access-group

access-group OutsideAllowedIn in interface outside


myasa01# dir flash:


Directory of disk0:/


115 -rwx 21986 18:35:08 Nov 12 2008 running-config.2008111201.cfg

117 -rwx 8294400 08:05:00 Dec 12 2006 asa721-25-k8.bin

118 -rwx 5539756 08:06:50 Dec 12 2006 asdm521.bin

119 -rwx 14137344 19:23:44 Nov 12 2008 asa804-k8.bin

121 -rwx 415956 10:34:02 Apr 10 2008 sslclient-win-1.1.4.176.pkg

123 -rwx 7605252 19:06:34 Nov 12 2008 asdm-61551.bin

124 -rwx 2154944 19:28:58 Nov 12 2008 anyconnect-win-2.2.0140-k9.pkg


###log entries###

Nov 14 2008 13:10:26 myasa01 : %ASA-3-710003: TCP access denied by ACL from 10.10.14.6/45666 to inside:10.10.14.2/443

Nov 14 2008 13:10:26 myasa01 : %ASA-7-710005: TCP request discarded from 10.10.14.6/45666 to inside:10.10.14.2/443


##Tracker results###

myasa01# packet-tracer input inside tcp 10.10.14.6 45663 10.10.14.2 443 detail


Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b2570, priority=1, domain=permit, deny=false

hits=1132251, user_data=0x0, cs_id=0x0, l3_type=0x8

src mac=0000.0000.0000, mask=0000.0000.0000

dst mac=0000.0000.0000, mask=0000.0000.0000


Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow


Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.2 255.255.255.255 identity


Phase: 4

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.0 255.255.255.0 inside


Phase: 5

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b27e0, priority=0, domain=permit, deny=true

hits=3515, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0

src ip=0.0.0.0, mask=0.0.0.0, port=0

dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0


Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule




Correct Answer by chaitu_kranthi about 8 years 4 months ago

Hi,


Device Manager Version 6.1(5)51 is having some issues,


The stable ASDM version for 8.0(4) was

6.0(3).


All the best.



Correct Answer by husycisco about 8 years 4 months ago

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
husycisco Sat, 11/15/2008 - 04:45
User Badges:
  • Gold, 750 points or more

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)


Regards

reachonenetadm Sun, 11/16/2008 - 15:09
User Badges:

Rolling back to asdm6.0(3) and reloading was the key. Simply reloading or simply changing the asdm image wouldn't do it. Also, it's worth noting for posterity that:

1) removed the asdm configuration and the http configuration (clear configure httpd, clear configure asdm)

2) reloaded the device

3) configured the asdm image, the the httpd ACL then enabled the http server.


Thanks for you quick and thorough replies. The assist goes to chaitu_kranthi.

Correct Answer
chaitu_kranthi Sun, 11/16/2008 - 11:01
User Badges:

Hi,


Device Manager Version 6.1(5)51 is having some issues,


The stable ASDM version for 8.0(4) was

6.0(3).


All the best.



reachonenetadm Sun, 11/16/2008 - 15:10
User Badges:

asdm-603.bin worked like a champ..see my reply to husycisco. Thanks again.

Actions

This Discussion