Can only access ASDM when on VPN

Unanswered Question
Dec 15th, 2008

Here is the config that I believe allows ASDM access

http server enable

http inside

http inside

http management

Our VPN DHCP pool is 172.30.0.x

Our internal network is 192.168.133.x

So I added the following command

http inside

Is this the correct command to allow access??

I still can't seem to connect to the firewall via ASDM.

The only way I can telnet to that fw is when I telnet to our core switch and to the fw too

JORGE RODRIGUEZ Mon, 12/15/2008 - 08:21

http inside

is this the correct command to allow access??

Yes, it is for allowing that network mgmt access to the fw. What seems strange to me is that you have to connect to a core switch to then telnet to the firewall. What device is routing network ? Can you, from the firewall, ping any host on this net?

JORGE RODRIGUEZ Mon, 12/15/2008 - 08:50

Also, what error message are you getting? Are you using https as opposed to http://fw_ip?

Can any other subnet access ASDM?

Can you also post the output of show version?

nygenxny123 Mon, 12/15/2008 - 11:17

I get the following message in my browser

Using https://

The connection has timed out

The server at is taking too long to respond.

* The site could be temporarily unavailable or too busy. Try again in a few


* If you are unable to load any pages, check your computer's network


* If your computer or network is protected by a firewall or proxy, make sure

that Firefox is permitted to access the Web.

I can't ping the inside interface from my network.

Cisco Adaptive Security Appliance Software Version 7.2(1)

Device Manager Version 5.2(1)

Compiled on Wed 31-May-06 14:45 by root

System image file is "disk0:/asa721-k8.bin"

Config file at boot was "startup-config"

PHR-InternetFW up 2 years 38 days

failover cluster up 2 years 38 days

Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash AT49LW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)

Boot microcode : CNlite-MC-Boot-Cisco-1.2

SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03

IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04

JORGE RODRIGUEZ Mon, 12/15/2008 - 13:06

Can you post a sanitized config, omit public IP info.

Also, if you are accessing from of or networks, from that source host try a telnet test to either the IP address of the inside interface of the firewall or the management0/0 interface.


c:\telnet 443


c:\telnet 443

If you get a black screen on each of the tests, we know connectivity is there to the firewall on secure port 443.


nygenxny123 Mon, 12/15/2008 - 13:43

Management IP is left at default

so that won't work

and a telnet


Connecting To not open connection to the host, on port 23: Connect failed

C:\>telnet 443

Connecting To not open connection to the host, on port 443: Connect failed

JORGE RODRIGUEZ Mon, 12/15/2008 - 13:58

PHR-InternetFW up 2 years 38 days

Question: when was the last time you had access to ASDM on this firewall, from the uptime of 2 years, from those source subnets?

