asdm on multiple context Unable to launch device manager

Unanswered Question
Mar 4th, 2010

Hi

i have two systems with multiple context( admin, context1, context2)

is it possible to use asdm in multiple context? I can reach asdm using the ip address of the admin context, but not with the ip addres of context1 or context2. nevertheless I can connect in ssh & telnet. I regenareted the key pair with not change.

i have the following message:

Unable to launch device manager from

Any ideas?

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
KARUPPUCHAMY MA... Thu, 03/04/2010 - 08:50

Hi,

is it possible to use asdm in multiple context?  -- yes. it is possible

You need to configure https 0.0.0.0 0.0.0.0 on each context that is context1,context2 , after that you should able to access ASDM to each context.

regards

karuppu

roussillon Thu, 03/04/2010 - 09:06

Thanks but I allready have this type of line. It does not help

Thanks again.

KARUPPUCHAMY MA... Thu, 03/04/2010 - 09:09

Hi,

Can you paste the output of the below command

sh run | i http (in all the context)

reagrds

karuppu

roussillon Thu, 03/04/2010 - 09:35

output of command show run | include http

context1

aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin

context admin

http server enable
http 0.0.0.0 0.0.0.0 management

Thanks

KARUPPUCHAMY MA... Thu, 03/04/2010 - 09:50

Hi,

As per your output,the configuration is ok.The interface name (admin) which you have mentioned in http command,it should be reachable from your client.

Check the reachabilty from your desktop to the admin interface ip address.

regards

karuppu

roussillon Thu, 03/04/2010 - 09:57

thanks

I am writing you behind this interface & the ping works.

Thanks

roussillon Fri, 03/05/2010 - 01:10

Hi all

Sorry If I write again about this but probleme is that I can not find the solution of this problème

I will start from the begining.

two pix in single mode they were working perfectly acces to asdm worked well. Acces was possible to each pix  from a management interface & from an admin interface(vlan) inside those pixs

We deciced to use active/active/failover

we converted one pix to multiple context, we configured failover for thisone as being active 'failover unit primary'

then we converted the second one to multiple context and configure  failover on it  as being secondary 'failover unit secondary'

Replication works well.

We have one management interface on each pix. After conversion to multiple context the management interface was automatically placed in admin context.  The admin interface is in context1 wich is the desired beheavor.

I can acces the contexts (admin; context1, context2 in ssh & telnet). but the only context accessible in asdm is the admin context.

- I noticed that in system context i can do show flash:  , wish is not the case for the others contexts.

- I noticed that in system context I can execute the command asdm image, wish is not the case for the others contexts. of course in contexts other thah system i can not see the flash content.

Any idea please we are in a hurry.

Thanks

KARUPPUCHAMY MA... Fri, 03/05/2010 - 01:27

Hi,

can you try to configure the resource allocation in your system context(admin context).

class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5

can you paste the output of the below command

hostname# show resource usage system counter all 0

regards
karuppu

roussillon Fri, 03/05/2010 - 02:16

Hi

thanks for your answer

in order to be able to execue your commansd I have to do

changeto system

and there is

class default

  limit-resource All 0

  limit-resource ASDM 5

  limit-resource SSH 5

  limit-resource Telnet 5

being there i did:

show resource usage system counter all 0

that's the output.


Resource                  Current         Peak      Limit            Denied   Context
Telnet                        0                  1           100                0            System
SSH                           1                  2           100               0            System
ASDM                        1                  5           32                 0            System
Syslogs [rate]             1                 668        N/A               0            System
Conns                       16082           42031    1000000       0            System
Xlates                        69                132        N/A               0            System
Hosts                        2626            4672        N/A              0           System
Conns [rate]             168              1285        N/A               0           System
Inspects [rate]           3                 37           N/A               0           System

Thanks again

Kureli Sankar Fri, 03/05/2010 - 05:57

The contexts that fail to launch ASDM what do the logs show?

You have http enabled right? and the IP address from which you are trying asdm in the http line.

http server enable

http x.x.x.x 255.255.255.255 inside

where inside is the name of the interface and x.x.x.x is the ip address of the client.

Check and see what the logs show.

-KS

roussillon Fri, 03/05/2010 - 07:33

Hi Thanks.

- the output of command show run | include http in context1

aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin

where the interface admin is a vlan

- the output of command in context admin

http server enable
http 0.0.0.0 0.0.0.0 management

where management is a dedicated interface "ethernet0"

I am actually writing from a work station that has as gateway  the interface admin  i can do ping , i can telnet & ssh to it but not asdm i get Unable to launch device manager from ....

Thanks

Kureli Sankar Fri, 03/05/2010 - 07:43

WHAT DO THE LOGS SAY WHEN IT FAILS?

conf t

logging buffered 7

sh logg | i x.x.x.x where x.x.x.x is the client that you are using to asdm from.

If you can telnet and ssh to the same IP address then, configuration is not a problem.

- the output of command show run | include http in context1

aaa authentication http console LOCAL
aaa authentication secure-http-client ----------> you can remove this and make it simple and try.
http server enable
http 0.0.0.0 0.0.0.0 admin

collect captures and see what may be going on.

-KS

roussillon Fri, 03/05/2010 - 08:24

Hi

there is nothing in logs

if I do https to the context1 admin interface i get " the connection have being reinitialized during page loading"

if i do https to the management interface of the admin context it proppose me to download asdm launcher.

thanks

Kureli Sankar Fri, 03/05/2010 - 08:50

When you asdm in from this client PC could you pls. wireshark your requests? Doesn't look like these are reaching the context interface at all.

You can collect captures on the context as well.

This is getting a little involved. May be a good idea to open a TAC case so, they can collect debugs and captures and analyze them.

-KS

Actions

This Discussion