ASDM and the management interface on a 5510

Unanswered Question
Aug 16th, 2010
User Badges:

Hi,


I'm trying to set up a pair of ASA 5510's in active/standby mode, and I've hit a bit of a problem. I've completed the following steps:


1. Out of the box, i've used the configure factory-default <ip-address> <subnet mask> to set an IP address on the management interface. I've plugged my laptop directly into the management port using a cross-over cable, and I can connect to the ASA using ASDM.


2. I then configured active/standby failover, and this appears to be working fine.


3. I then added a configuration via the CLI. This config is from a pair of PiX 515's that are being replaced. The config was generated using the PiX to ASA configuration converter available on cisco.com.


4. After adding this config, I can still access the ASA via ASDM, and everything appears to be fine. I saved the config to flash and powered down both ASA's.


5. Today, i've installed the ASA's on site. When I connect my laptop to the management interace using a cross-over cable, I can no longer connect using ASDM. when I try and use a web page with the address https://<ip-address>, I get the warning about using unsigned certificates, which I accept. I then get prompted for a username and password, which I have entered correctly. I then get a HTTP 404 - website not found message.


At first i thought it might be an access rule on the management interface, so I created a permit ip any any rule (for testing purposes) and applied it to the management interface, but this made no difference.


Can anyone point me in the right direction to fix this?


Thanks,


Frank

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Mon, 08/16/2010 - 22:24
User Badges:
  • Cisco Employee,

Can you please share the following output to see what the problem might be:


sh run http

sh run aaa


And also what username do you use to log in via ASDM?

frank.mcdaid Mon, 08/16/2010 - 22:40
User Badges:

ASA# sh run http

http server enable

http 10.12.1.0 255.255.255.0 management

http 10.64.31.64 255.255.255.224 management

ASA# sh run aaa

ASA#


10.12.1.0/24 contains the device management IP addresses at this site. 10.64.31.64/27 contains PC used to manage this ASA.


Username is blank and password is enable password.

Jennifer Halim Mon, 08/16/2010 - 22:45
User Badges:
  • Cisco Employee,

Please configure local username with the following command:


username password


and you should be able to log in using that username.


By default, the ASDM will use local database username/password.

frank.mcdaid Tue, 08/17/2010 - 17:27
User Badges:

I've added this to the config and it has not fixed the problem.


Anyone else have any idea's?

mirober2 Wed, 08/18/2010 - 08:14
User Badges:
  • Cisco Employee,

Hi Frank,


What version of ASA and ASDM software are you running?


Try enabling 'debug http' from the command line and then connecting to ASDM again. Does the output give any indication about what's happening? What page is the client trying to request that the ASA is responding with a 404 for?


-Mike

Allen P Chen Wed, 08/18/2010 - 16:42
User Badges:
  • Cisco Employee,

Hello,


Can you please provide the "show version" output from the ASA?  This will provide the current software installed as well as the ASDM version.  Perhaps there is a conflict with the software version on the ASA and the ASDM version.

Actions

This Discussion