Unable to access Pix 515 via ASDM

Unanswered Question
Sep 1st, 2011

I am new to this company and the employees that set up this equipment are gone. The history about this box is that they had access through the ASDM until they changed the management interfaces to Vlan 50.

The pix firewall is 192.168.50.10 and my interface to my PC is on Vlan 10 which is 192.168.10.115. I can ping 192.168.50.10 but I am unable to access this through ASDM. I believe the pix is denying me.

When I look in the config I see the ASDM image and I see that they have http server enabled.

I see my network 192.168.10.0 as inside but I don't see 192.168.50.0.

I could have just tried this but I wanted to ask someone before I did this as it's in production and I don't know too many people.

Regards

Ralph

anchacko Sat, 09/03/2011 - 10:38

Hi Ralph,

Please check if you have allowed your network to access ASDM on the interface that you're connected to. If you're trying to access the PIX on an interface (say, it is named "inside") from 192.168.10.115, you need to have:

http 192.168.10.115 255.255.255.255 inside

The "inside" interface will be in the 192.168.10.x subnet. Let me know if you have more queries.

Hope this helps!

Regards,

Anu

ralphstaiano Tue, 09/06/2011 - 11:45

Hi Anu

Thank you for responding to my question. It didn't work but what you said is exactly what I thought. Thanks.

Next silly question. If I telnet into the pix by entering in the password, is that the same username and password that I would enter if I were entering into the ASDM?

Ralph

ralphstaiano Wed, 09/07/2011 - 08:11

I decided to access ASDM and console in at the same time. My tool is logging errors.

I believe it's a denial from my firewall as no rule is set on this new interface, so it's an implicit denial.

The log is showing this error when I try to log into the ASDM:

TCP access denied by ACL from 192.168.40.197/7897 to intf4:192.168.40.2/443

I added this statement in

access-list intf4 extended permit tcp 192.168.40.0 255.255.255.0 interface intf4 eq https

I am getting the same error.

anchacko Wed, 09/07/2011 - 08:15

Hi Ralph,

Please post the output of "sh run" here.

Regards,

Anu

ralphstaiano Wed, 09/07/2011 - 08:42


Hi Anu

I am unable to do that for security reasons.

Hi Mario

Give me a few mins and I will find out.

ralphstaiano Wed, 09/07/2011 - 09:03

What I can give is this

interface Ethernet4
Vlan 40
nameif intf4
security-level 8
ip address 192.168.40.2 255.255.255.0
ospf cost 10

access-list intf4 extended permit tcp 192.168.40.0 255.255.255.0 interface intf4 eq https

http server enable
http 192.168.40.0 255.255.255.0 inside

The error

TCP access denied by ACL from 192.168.40.197/7897 to intf4:192.168.40.2/443

192.168.40.197 is the PC that I am trying to connect to using the ASDM.  The intf4 is the 4th interface on the pix that is also setup on Vlan 40. I am looking at the rule that I set and I don't see what I did wrong.
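
Added example, not part of the thread and not Cisco code: a check that follows Anu's earlier advice that the `http` statement must name the interface the client connects to, and reports whether a config permits the source in a denial log line on the interface it arrived on. The function names, the simplified line parsing and the sample (copied from the fragment posted above) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: config fragment and log line as posted in this thread.
CONFIG = """\
interface Ethernet4
nameif intf4
ip address 192.168.40.2 255.255.255.0
access-list intf4 extended permit tcp 192.168.40.0 255.255.255.0 interface intf4 eq https
http server enable
http 192.168.40.0 255.255.255.0 inside
"""
LOG = "TCP access denied by ACL from 192.168.40.197/7897 to intf4:192.168.40.2/443"

HTTP_RE = re.compile(r"^http\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")
LOG_RE = re.compile(r"access denied by ACL from ([\d.]+)/\d+ to ([^:\s]+):[\d.]+/\d+")

def to_network(addr, mask):
    """Build a network from a dotted netmask; reject inverse (wildcard) masks."""
    inv = ~int(ipaddress.ip_address(mask)) & 0xFFFFFFFF
    if inv & (inv + 1):
        raise ValueError(f"{mask} is not a contiguous netmask")
    return ipaddress.ip_network(f"{addr}/{32 - inv.bit_length()}", strict=False)

def parse_http_rules(config):
    """Return (server_enabled, [(network, interface), ...]) from 'http' lines."""
    enabled, rules = False, []
    for line in map(str.strip, config.splitlines()):
        if re.fullmatch(r"http server enable(\s+\d+)?", line):
            enabled = True
        elif (m := HTTP_RE.match(line)):
            rules.append((to_network(m.group(1), m.group(2)), m.group(3)))
    return enabled, rules

def explain_denial(config, log_line):
    """Relate a denied management connection to the config's 'http' statements."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("unrecognised log line")
    src, ifname = ipaddress.ip_address(m.group(1)), m.group(2)
    enabled, rules = parse_http_rules(config)
    if not enabled:
        return "http server not enabled"
    allowed_on = sorted({i for net, i in rules if src in net})
    if ifname in allowed_on:
        return f"{src} is allowed on {ifname}"
    if allowed_on:
        return f"{src} is allowed only on {', '.join(allowed_on)}, not {ifname}"
    return f"no http statement covers {src}"
```

Calling `explain_denial(CONFIG, LOG)` compares the interface name in the log line with the interface named in each `http` statement; the `access-list` line plays no part in the check.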

ralphstaiano Wed, 09/07/2011 - 09:09

I am wondering if it's the netmask. Could it be an inverse mask? Should I try 0.0.0.255?

anchacko Thu, 09/08/2011 - 08:21

Hey Ralph,

Sorry for getting back to you late. Can you try upgrading the ASDM version to 6.1.5? Here is the link from where you can download the ASDM image:

http://www.cisco.com/cisco/software/release.html?mdfid=279513399&flowid=4462&softwareid=280775064&release=6.1.5&rellifecycle=&relind=AVAILABLE&reltype=latest

Here is the procedure to upgrade:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2

Hope this helps!

Regards,

Anu

anchacko Wed, 09/07/2011 - 09:22

Hi Ralph,

So, the ASDM version is 6.1. What about the PIX version? The inverse mask cannot be used on the PIX. What error message do you see when you try to access the ASDM? Are you trying to access using the browser or the launcher? Are you using webvpn? If yes, try changing the port to another one, like 444 (http server enable 444), and then type https://192.168.40.2:444. This should take you to the ASDM page.

Also, verify the Java version that you're running on your PC.

Let me know.

Regards,

Anu

ralphstaiano Wed, 09/07/2011 - 10:08

Mario, Anu

Made a mistake on the versions.

I made a mistake in my notes.

Cisco PIX Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 18:25 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
