12-15-2008 07:44 AM - edited 03-11-2019 07:25 AM
Here is the config that I believe allows ASDM access
http server enable
http 172.30.0.0 255.255.0.0 inside
http 172.20.0.0 255.255.0.0 inside
http 192.168.1.0 255.255.255.0 management
Our vpn dhcp pool is 172.30.0.x
Our internal network is 192.168.133.x
So I added the following command
http 192.168.133.0 255.255.255.0 inside
Is this the correct command to allow access?
I still can't seem to connect to the firewall via ASDM.
The only way I can telnet to that fw is when I telnet to our core switch and to the fw too.
12-15-2008 08:21 AM
http 192.168.133.0 255.255.255.0 inside
is this the correct command to allow access??
Yes, it is for allowing that network mgmt access to the fw. What seems strange to me is that you have to connect to a core switch to then telnet to the firewall. What device is routing the 192.168.133.0/24 network? Can you ping any host on this net from the firewall?
12-15-2008 08:50 AM
Also, what error message are you getting? Are you using https as opposed to http://fw_ip?
Can any other subnet access ASDM?
Can you also post the output of show version?
12-15-2008 11:17 AM
I get the following message in my browser
Using https://
The connection has timed out
The server at 172.20.1.1 is taking too long to respond.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.
I can't ping the inside interface from my network.
Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)
Compiled on Wed 31-May-06 14:45 by root
System image file is "disk0:/asa721-k8.bin"
Config file at boot was "startup-config"
PHR-InternetFW up 2 years 38 days
failover cluster up 2 years 38 days
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash AT49LW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
12-15-2008 01:06 PM
Can you post a sanitized config? Omit public IP info.
Also, if you are accessing from the 192.168.133.0, 172.30.0.0 or 172.20.0.0 networks, from that source host try a telnet test to either the IP address of the inside interface of the firewall or the management0/0 interface.
i.e.
c:\telnet
or
c:\telnet
If you get a black screen on each of the tests, we know connectivity is there to the firewall on secure port 443.
Regards
12-15-2008 01:43 PM
Management IP is left at default 192.168.1.1
so that won't work
and a telnet
C:>telnet 172.20.1.1
Connecting To 172.20.1.1...Could not open connection to the host, on port 23: Connect failed
C:\>telnet 172.20.1.1 443
Connecting To 172.20.1.1...Could not open connection to the host, on port 443: Connect failed
12-15-2008 01:58 PM
PHR-InternetFW up 2 years 38 days
Question: when was the last time you accessed ASDM on this firewall, within the uptime of 2 years, from those source subnets?