Unable to access inside ASDM on PIX

Answered Question
Dec 15th, 2008

Hi all:

I cannot access the ASDM on the PIX when I type in

Any advice would be appreciated.

I have this problem too.
0 votes
Correct Answer by JORGE RODRIGUEZ about 7 years 11 months ago

hold on, I am reading an interim release of asdm which may have a fix for this issue.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv12681

[edit]

CSCsv12681 Bug Details

Symptom:

While loading ASDM, a dialog is displayed that says:

"ASDM cannot be loaded. Click OK to exit ASDM.

Unconnected sockets not implemented"

This occurs when using Java 6 Update 10 or later.

Conditions:

ASDM version 5.0 or later running on ASA, PIX or FWSM and using Java 6

Update 10 or later.

Workaround:

Use Java 6 Update 7.

1st Found-In

5.0(8)

5.1(2)

5.2(4)

6.1(5)

5.2(4)F

6.1(1)F

Fixed-In

6.2(0.70)

6.2(0.71)

6.1(1.55)F

5.2(4.51)

6.1(5.51)

you can use this release based on above report.

asdm-61551.bin

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
epohxavrio Mon, 12/15/2008 - 10:38

I put that in:

aaa authentication ssh console LOCAL

Range already exists.

So i removed it and put it back in.

Same thing, it just tries to load, but never does.

jbalchunas Mon, 12/15/2008 - 11:34

What do you mean by the page tried to load? Are you prompted for credentials and they don't work? Are you prompted for credentials, they work but the ASDM times out when loading?

One thing to look at is if your Java version got updated automatically. ASDM 6.1(3) does not play well with the latest version of JRE. The latest version it will work with is Java 6 Update 7.

epohxavrio Mon, 12/15/2008 - 11:40

No I am not prompted at all for credentials, the page just keeps showing that is loading but never does, no content ever appears. I checked the version of Java I have two:

1.6.0 update 1

1.6.0 update 10

epohxavrio Mon, 12/15/2008 - 13:03

I also tested this from another computer that only had Java 1.6 update 7

It didn't work either.

jbalchunas Tue, 12/16/2008 - 08:37

Using the following command, we are prompted for username/password when connecting via ASDM.

aaa authentication serial console TACACS+ LOCAL

I know it seems counter-intuitive with the serial command, but I can change what account is authorized to access ASDM by adding/removing our TACACS+ config. If you simply use:

aaa authentication serial console LOCAL

you should be prompted for your local admin account.

CDawe Wed, 12/17/2008 - 00:09

Hi,

You are specifying two particular IP addresses as being allowed from the inside network. Just a thought, are you sure, that the PC's you are using to access the PIX are having the correct IP addresses?

epohxavrio Wed, 12/17/2008 - 05:59

Yes, they are the correct IP addresses.

I thought it was something simple, but I might have to get TAC involved.

JORGE RODRIGUEZ Wed, 12/17/2008 - 09:44

I cannot access the ASDM on the PIX when I type in "https://" & PIX_inside_IP

I had no problem accessing the ASDM until I added the user admin to the config. I tried to login once, and I have never been able to access the ASDM again.

I tested using admin as you and worked fine, could you use different user name with privilege 15 instead of admin to atleast narrow down this issue.

epohxavrio Wed, 12/17/2008 - 09:57

Well actually admin is not the actual username.

But I can't even get to the page that show run as asdm or java app, the page never finishes loading (no html content is displayed)

JORGE RODRIGUEZ Wed, 12/17/2008 - 10:14

ok, have you try accessing it from a different machine as it seems to me that something may have changed either from the PC or asa firewall beside creating username.

can you from the machine do a telnet test to rule out secure port connectivity issue.

from the PC you are accessing firewall inside ip can you do a telnet test on port 443

c:\telnet 443

if you get black screen http services on fw issues is ruled out.

can you then try access from a different PC and see results, at least we can say it is the machine you are accessing the fw from.

Also you did not mention if you can telnet to firewall, can you telnet at all using the username you create?

epohxavrio Wed, 12/17/2008 - 10:50

RE telnet test on port 443:

Yes just the black screen

RE Telnet to f/w using username I created:

Yes, I can I just tested that per your recommendation (good idea)

I power cycled the PIX and I was able to access the main again (progress)

I am getting an error message now. I will put a screen shot up in a minute.

epohxavrio Wed, 12/17/2008 - 11:23

I already installed that, how do I force ASDM to use the older version of Java?

epohxavrio Wed, 12/17/2008 - 11:54

Cisco PIX Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(3)

Compiled on Thu 07-Aug-08 19:42 by builders

System image file is "flash:/pix804.bin"

Config file at boot was "startup-config"

PIX515E up 2 hours

Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 0013.60b8.f2ca, irq 10

1: Ext: Ethernet1 : address is 0013.60b8.f2cb, irq 11

2: Ext: Ethernet2 : address is 000e.0c6e.8b04, irq 11

Licensed features for this platform:

Maximum Physical Interfaces : 3

Maximum VLANs : 10

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number:

Running Activation Key: xxxxxxxxxxxxxxxxxx

Configuration last modified by user_15 at 05:04:53.232 CST Wed Dec 17 2008

JORGE RODRIGUEZ Wed, 12/17/2008 - 12:14

I'll go by what you said that your machine have JRE 6 update 7, Im running teh exact same code you are running.

I would try this, disable and reable http services

http server disable

http server enable

write mem

if still get the asdm error message download fresh copy of asdm 6.1.3 release date August 2008, or asdm 6.1.5 release date OCT 2008.. and re-install asdm.

6.1.3 release info see java section

http://www.cisco.com/en/US/docs/security/asdm/6_1/release/notes/rn613.html

6.1.5 release info see java section

http://www.cisco.com/en/US/docs/security/asdm/6_1/release/notes/rn615.html

epohxavrio Wed, 12/17/2008 - 12:27

I should have clarified myself: Yes, I installed that version (JRE 6 Update 7) but I also have installed JRE 6 Update 10 (for security reasons).

http server disable does not appear to work

http server ?

reveals enable only

JORGE RODRIGUEZ Wed, 12/17/2008 - 12:31

from the machine running jre 6 update 7 can you load asdm form it? update 10 seems where there is issue with that exact message you have attached.

epohxavrio Wed, 12/17/2008 - 12:40

Yes I can. So if I upgrade to asdm 6.1.5 I should be able to run from both machines?

JORGE RODRIGUEZ Wed, 12/17/2008 - 12:43

I don't think it will..

quote form release 6.1.5

If you load ASDM using ASDM version 5.0 or later, running on ASA, PIX or FWSM, and use Java 6

Update 10 or later, a dialog is displayed that states: "ASDM cannot be loaded. Click OK to exit ASDM.Unconnected sockets not implemented". This occurs when using Java 6 Update 10 or later. To get ASDM to load correctly, use Java 6, update 7.

epohxavrio Wed, 12/17/2008 - 12:47

Gotcha, so simply put, in order to access the ASDM I need to remove the newer version(s) of JRE and stick with Update 7.

Correct Answer
JORGE RODRIGUEZ Wed, 12/17/2008 - 12:53

hold on, I am reading an interim release of asdm which may have a fix for this issue.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv12681

[edit]

CSCsv12681 Bug Details

Symptom:

While loading ASDM, a dialog is displayed that says:

"ASDM cannot be loaded. Click OK to exit ASDM.

Unconnected sockets not implemented"

This occurs when using Java 6 Update 10 or later.

Conditions:

ASDM version 5.0 or later running on ASA, PIX or FWSM and using Java 6

Update 10 or later.

Workaround:

Use Java 6 Update 7.

1st Found-In

5.0(8)

5.1(2)

5.2(4)

6.1(5)

5.2(4)F

6.1(1)F

Fixed-In

6.2(0.70)

6.2(0.71)

6.1(1.55)F

5.2(4.51)

6.1(5.51)

you can use this release based on above report.

asdm-61551.bin

epohxavrio Wed, 12/17/2008 - 14:28

Thanks, it works in XP but not in Vista. So I guess I will have to use it in XP (vm)

I removed all other version of jre on the vista box leaving only jre 6 update 10.

JORGE RODRIGUEZ Wed, 12/17/2008 - 15:27

Great.. at least we got to the bottom of the issue, don't forget to rate post if it helped.

Best Rgds

Jorge

epohxavrio Thu, 12/18/2008 - 05:44

I will and thank you for your help getting me through this!!

For anyone else experiencing this same issue.

Run the ASDM in XP compatibility mode.

Actions

This Discussion