cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6050
Views
0
Helpful
14
Replies

asdm on multiple context Unable to launch device manager

roussillon
Level 1
Level 1

Hi

i have two systems with multiple context( admin, context1, context2)

is it possible to use asdm in multiple context? I can reach asdm using the ip address of the admin context, but not with the ip addres of context1 or context2. nevertheless I can connect in ssh & telnet. I regenareted the key pair with not change.

i have the following message:

Unable to launch device manager from

Any ideas?

thanks

14 Replies 14

Hi,

is it possible to use asdm in multiple context?  -- yes. it is possible

You need to configure https 0.0.0.0 0.0.0.0 on each context that is context1,context2 , after that you should able to access ASDM to each context.

regards

karuppu

Thanks but I allready have this type of line. It does not help

Thanks again.

Hi,

Can you paste the output of the below command

sh run | i http (in all the context)

reagrds

karuppu

output of command show run | include http

context1

aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin

context admin

http server enable
http 0.0.0.0 0.0.0.0 management

Thanks

Hi,

As per your output,the configuration is ok.The interface name (admin) which you have mentioned in http command,it should be reachable from your client.

Check the reachabilty from your desktop to the admin interface ip address.

regards

karuppu

thanks

I am writing you behind this interface & the ping works.

Thanks

Hi all

Sorry If I write again about this but probleme is that I can not find the solution of this problème

I will start from the begining.

two pix in single mode they were working perfectly acces to asdm worked well. Acces was possible to each pix  from a management interface & from an admin interface(vlan) inside those pixs

We deciced to use active/active/failover

we converted one pix to multiple context, we configured failover for thisone as being active 'failover unit primary'

then we converted the second one to multiple context and configure  failover on it  as being secondary 'failover unit secondary'

Replication works well.

We have one management interface on each pix. After conversion to multiple context the management interface was automatically placed in admin context.  The admin interface is in context1 wich is the desired beheavor.

I can acces the contexts (admin; context1, context2 in ssh & telnet). but the only context accessible in asdm is the admin context.

- I noticed that in system context i can do show flash:  , wish is not the case for the others contexts.

- I noticed that in system context I can execute the command asdm image, wish is not the case for the others contexts. of course in contexts other thah system i can not see the flash content.

Any idea please we are in a hurry.

Thanks

Hi,

can you try to configure the resource allocation in your system context(admin context).

class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5

can you paste the output of the below command

hostname# show resource usage system counter all 0

regards
karuppu

Hi

thanks for your answer

in order to be able to execue your commansd I have to do

changeto system

and there is

class default

  limit-resource All 0

  limit-resource ASDM 5

  limit-resource SSH 5

  limit-resource Telnet 5

being there i did:

show resource usage system counter all 0

that's the output.


Resource                  Current         Peak      Limit            Denied   Context
Telnet                        0                  1           100                0            System
SSH                           1                  2           100               0            System
ASDM                        1                  5           32                 0            System
Syslogs [rate]             1                 668        N/A               0            System
Conns                       16082           42031    1000000       0            System
Xlates                        69                132        N/A               0            System
Hosts                        2626            4672        N/A              0           System
Conns [rate]             168              1285        N/A               0           System
Inspects [rate]           3                 37           N/A               0           System

Thanks again

The contexts that fail to launch ASDM what do the logs show?

You have http enabled right? and the IP address from which you are trying asdm in the http line.

http server enable

http x.x.x.x 255.255.255.255 inside

where inside is the name of the interface and x.x.x.x is the ip address of the client.

Check and see what the logs show.

-KS

Hi Thanks.

- the output of command show run | include http in context1

aaa authentication http console LOCAL
aaa authentication secure-http-client
http server enable
http 0.0.0.0 0.0.0.0 admin

where the interface admin is a vlan

- the output of command in context admin

http server enable
http 0.0.0.0 0.0.0.0 management

where management is a dedicated interface "ethernet0"

I am actually writing from a work station that has as gateway  the interface admin  i can do ping , i can telnet & ssh to it but not asdm i get Unable to launch device manager from ....

Thanks

WHAT DO THE LOGS SAY WHEN IT FAILS?

conf t

logging buffered 7

sh logg | i x.x.x.x where x.x.x.x is the client that you are using to asdm from.

If you can telnet and ssh to the same IP address then, configuration is not a problem.

- the output of command show run | include http in context1

aaa authentication http console LOCAL
aaa authentication secure-http-client ----------> you can remove this and make it simple and try.
http server enable
http 0.0.0.0 0.0.0.0 admin

collect captures and see what may be going on.

-KS

Hi

there is nothing in logs

if I do https to the context1 admin interface i get " the connection have being reinitialized during page loading"

if i do https to the management interface of the admin context it proppose me to download asdm launcher.

thanks

When you asdm in from this client PC could you pls. wireshark your requests? Doesn't look like these are reaching the context interface at all.

You can collect captures on the context as well.

This is getting a little involved. May be a good idea to open a TAC case so, they can collect debugs and captures and analyze them.

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: