asdm on multiple context Unable to launch device manager

Unanswered Question
Mar 4th, 2010
User Badges:

Hi

i have two systems with multiple context( admin, context1, context2)


is it possible to use asdm in multiple context? I can reach asdm using the ip address of the admin context, but not with the ip addres of context1 or context2. nevertheless I can connect in ssh & telnet. I regenareted the key pair with not change.


i have the following message:


Unable to launch device manager from


Any ideas?


thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
KARUPPUCHAMY MA... Thu, 03/04/2010 - 08:50
User Badges:
  • Silver, 250 points or more

Hi,


is it possible to use asdm in multiple context?  -- yes. it is possible


You need to configure https 0.0.0.0 0.0.0.0 on each context that is context1,context2 , after that you should able to access ASDM to each context.


regards

karuppu

roussillon Thu, 03/04/2010 - 09:06
User Badges:

Thanks but I allready have this type of line. It does not help


Thanks again.

KARUPPUCHAMY MA... Thu, 03/04/2010 - 09:09
User Badges:
  • Silver, 250 points or more

Hi,


Can you paste the output of the below command


sh run | i http (in all the context)


reagrds

karuppu

roussillon Thu, 03/04/2010 - 09:35
User Badges:

output of command show run | include http


context1


aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin


context admin


http server enable
http 0.0.0.0 0.0.0.0 management


Thanks

KARUPPUCHAMY MA... Thu, 03/04/2010 - 09:50
User Badges:
  • Silver, 250 points or more

Hi,


As per your output,the configuration is ok.The interface name (admin) which you have mentioned in http command,it should be reachable from your client.


Check the reachabilty from your desktop to the admin interface ip address.


regards

karuppu

roussillon Thu, 03/04/2010 - 09:57
User Badges:

thanks


I am writing you behind this interface & the ping works.


Thanks

roussillon Fri, 03/05/2010 - 01:10
User Badges:

Hi all


Sorry If I write again about this but probleme is that I can not find the solution of this problème

I will start from the begining.


two pix in single mode they were working perfectly acces to asdm worked well. Acces was possible to each pix  from a management interface & from an admin interface(vlan) inside those pixs


We deciced to use active/active/failover

we converted one pix to multiple context, we configured failover for thisone as being active 'failover unit primary'


then we converted the second one to multiple context and configure  failover on it  as being secondary 'failover unit secondary'


Replication works well.


We have one management interface on each pix. After conversion to multiple context the management interface was automatically placed in admin context.  The admin interface is in context1 wich is the desired beheavor.



I can acces the contexts (admin; context1, context2 in ssh & telnet). but the only context accessible in asdm is the admin context.



- I noticed that in system context i can do show flash:  , wish is not the case for the others contexts.


- I noticed that in system context I can execute the command asdm image, wish is not the case for the others contexts. of course in contexts other thah system i can not see the flash content.


Any idea please we are in a hurry.


Thanks

KARUPPUCHAMY MA... Fri, 03/05/2010 - 01:27
User Badges:
  • Silver, 250 points or more

Hi,


can you try to configure the resource allocation in your system context(admin context).


class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5


can you paste the output of the below command


hostname# show resource usage system counter all 0

regards
karuppu

roussillon Fri, 03/05/2010 - 02:16
User Badges:

Hi

thanks for your answer

in order to be able to execue your commansd I have to do


changeto system


and there is

class default

  limit-resource All 0

  limit-resource ASDM 5

  limit-resource SSH 5

  limit-resource Telnet 5


being there i did:


show resource usage system counter all 0


that's the output.



Resource                  Current         Peak      Limit            Denied   Context
Telnet                        0                  1           100                0            System
SSH                           1                  2           100               0            System
ASDM                        1                  5           32                 0            System
Syslogs [rate]             1                 668        N/A               0            System
Conns                       16082           42031    1000000       0            System
Xlates                        69                132        N/A               0            System
Hosts                        2626            4672        N/A              0           System
Conns [rate]             168              1285        N/A               0           System
Inspects [rate]           3                 37           N/A               0           System


Thanks again

Kureli Sankar Fri, 03/05/2010 - 05:57
User Badges:
  • Cisco Employee,

The contexts that fail to launch ASDM what do the logs show?

You have http enabled right? and the IP address from which you are trying asdm in the http line.


http server enable

http x.x.x.x 255.255.255.255 inside


where inside is the name of the interface and x.x.x.x is the ip address of the client.


Check and see what the logs show.


-KS

roussillon Fri, 03/05/2010 - 07:33
User Badges:

Hi Thanks.



- the output of command show run | include http in context1


aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin


where the interface admin is a vlan


- the output of command in context admin


http server enable
http 0.0.0.0 0.0.0.0 management


where management is a dedicated interface "ethernet0"


I am actually writing from a work station that has as gateway  the interface admin  i can do ping , i can telnet & ssh to it but not asdm i get Unable to launch device manager from ....


Thanks

Kureli Sankar Fri, 03/05/2010 - 07:43
User Badges:
  • Cisco Employee,

WHAT DO THE LOGS SAY WHEN IT FAILS?

conf t

logging buffered 7

sh logg | i x.x.x.x where x.x.x.x is the client that you are using to asdm from.


If you can telnet and ssh to the same IP address then, configuration is not a problem.


- the output of command show run | include http in context1


aaa authentication http console LOCAL
aaa authentication secure-http-client ----------> you can remove this and make it simple and try.
http server enable
http 0.0.0.0 0.0.0.0 admin


collect captures and see what may be going on.




-KS

roussillon Fri, 03/05/2010 - 08:24
User Badges:

Hi

there is nothing in logs


if I do https to the context1 admin interface i get " the connection have being reinitialized during page loading"


if i do https to the management interface of the admin context it proppose me to download asdm launcher.


thanks

Kureli Sankar Fri, 03/05/2010 - 08:50
User Badges:
  • Cisco Employee,

When you asdm in from this client PC could you pls. wireshark your requests? Doesn't look like these are reaching the context interface at all.

You can collect captures on the context as well.


This is getting a little involved. May be a good idea to open a TAC case so, they can collect debugs and captures and analyze them.


-KS

Actions

This Discussion