cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2316
Views
0
Helpful
29
Replies

Unable to access inside ASDM on PIX

epohxavrio
Level 1
Level 1

Hi all:

I cannot access the ASDM on the PIX when I type in

Any advice would be appreciated.

1 Accepted Solution

Accepted Solutions

hold on, I am reading an interim release of asdm which may have a fix for this issue.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv12681

[edit]

CSCsv12681 Bug Details

Symptom:

While loading ASDM, a dialog is displayed that says:

"ASDM cannot be loaded. Click OK to exit ASDM.

Unconnected sockets not implemented"

This occurs when using Java 6 Update 10 or later.

Conditions:

ASDM version 5.0 or later running on ASA, PIX or FWSM and using Java 6

Update 10 or later.

Workaround:

Use Java 6 Update 7.

1st Found-In

5.0(8)

5.1(2)

5.2(4)

6.1(5)

5.2(4)F

6.1(1)F

Fixed-In

6.2(0.70)

6.2(0.71)

6.1(1.55)F

5.2(4.51)

6.1(5.51)

you can use this release based on above report.

asdm-61551.bin

Jorge Rodriguez

View solution in original post

29 Replies 29

JORGE RODRIGUEZ
Level 10
Level 10

You need

asa(config)#aaa authentication ssh console LOCAL

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

Regards

Jorge Rodriguez

I put that in:

aaa authentication ssh console LOCAL

Range already exists.

So i removed it and put it back in.

Same thing, it just tries to load, but never does.

jbalchunas
Level 1
Level 1

What do you mean by the page tried to load? Are you prompted for credentials and they don't work? Are you prompted for credentials, they work but the ASDM times out when loading?

One thing to look at is if your Java version got updated automatically. ASDM 6.1(3) does not play well with the latest version of JRE. The latest version it will work with is Java 6 Update 7.

No I am not prompted at all for credentials, the page just keeps showing that is loading but never does, no content ever appears. I checked the version of Java I have two:

1.6.0 update 1

1.6.0 update 10

I also tested this from another computer that only had Java 1.6 update 7

It didn't work either.

are you using https:///admin or just https:// ?

for us, if you dont add the /admin, you get the SSL WebVPN login page.

just a thought.

That does not work either.

Using the following command, we are prompted for username/password when connecting via ASDM.

aaa authentication serial console TACACS+ LOCAL

I know it seems counter-intuitive with the serial command, but I can change what account is authorized to access ASDM by adding/removing our TACACS+ config. If you simply use:

aaa authentication serial console LOCAL

you should be prompted for your local admin account.

CDawe
Level 1
Level 1

Hi,

You are specifying two particular IP addresses as being allowed from the inside network. Just a thought, are you sure, that the PC's you are using to access the PIX are having the correct IP addresses?

Yes, they are the correct IP addresses.

I thought it was something simple, but I might have to get TAC involved.

I cannot access the ASDM on the PIX when I type in "https://" & PIX_inside_IP

I had no problem accessing the ASDM until I added the user admin to the config. I tried to login once, and I have never been able to access the ASDM again.

I tested using admin as you and worked fine, could you use different user name with privilege 15 instead of admin to atleast narrow down this issue.

Jorge Rodriguez

Well actually admin is not the actual username.

But I can't even get to the page that show run as asdm or java app, the page never finishes loading (no html content is displayed)

ok, have you try accessing it from a different machine as it seems to me that something may have changed either from the PC or asa firewall beside creating username.

can you from the machine do a telnet test to rule out secure port connectivity issue.

from the PC you are accessing firewall inside ip can you do a telnet test on port 443

c:\telnet 443

if you get black screen http services on fw issues is ruled out.

can you then try access from a different PC and see results, at least we can say it is the machine you are accessing the fw from.

Also you did not mention if you can telnet to firewall, can you telnet at all using the username you create?

Jorge Rodriguez

RE telnet test on port 443:

Yes just the black screen

RE Telnet to f/w using username I created:

Yes, I can I just tested that per your recommendation (good idea)

I power cycled the PIX and I was able to access the main again (progress)

I am getting an error message now. I will put a screen shot up in a minute.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: