Unable to access Pix 515 via ASDM

ralphstaiano
Level 1

I am new to this company and the employees that set up this equipment are gone. The history about this box is that they had access through the ASDM until they changed the management interfaces to Vlan 50.

The pix firewall is 192.168.50.10 and my interface to my PC is on Vlan 10 which is 192.168.10.115. I can ping 192.168.50.10 but I am unable to access this through ASDM. I believe the pix is denying me.

When I look in the config I see the ASDM image and I see that they have http server enabled.

I see my network 192.168.10.0 as inside but I don't see 192.168.50.0.

I could have just tried this but I wanted to ask someone before I did this as it's in production and I don't know too many people.

Regards

Ralph

14 Replies

Anu M Chacko
Cisco Employee

Hi Ralph,

Please check if you have allowed your network to access ASDM on the interface that you're connected to. If you're trying to access the PIX on an interface (say, named "inside") from 192.168.10.115, you need to have:

http 192.168.10.115 255.255.255.255 inside

The "inside" interface will be in the 192.168.10.x subnet. Let me know if you have more queries.

Hope this helps!

Regards,

Anu
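The rule in the reply above (the client's address must be allowed by an `http` statement naming the interface the connection arrives on), as an added example that is not part of the original thread or any Cisco tool: an offline check of `http` lines against a client address and ingress interface. The sample config is constructed from lines quoted in this thread, the function names are hypothetical, and inverse masks are rejected because a later reply states the PIX does not accept them.

```python
import ipaddress

# Constructed sample built from the management lines quoted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet4
 nameif intf4
 ip address 192.168.40.2 255.255.255.0
http server enable
http 192.168.40.0 255.255.255.0 inside
"""

def is_netmask(mask):
    """True for a contiguous netmask; False for an inverse (wildcard) mask."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def parse_http(config):
    """Return (server_enabled, [(network, interface)], [rejected lines])."""
    enabled, rules, rejected = False, [], []
    for raw in config.splitlines():
        words = raw.split()
        if words[:3] == ["http", "server", "enable"]:
            enabled = True
        elif len(words) == 4 and words[0] == "http" and words[1][:1].isdigit():
            _, addr, mask, ifname = words
            try:
                ok = is_netmask(mask)
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False) if ok else None
            except ValueError:
                ok = False
            if ok:
                rules.append((net, ifname))
            else:
                rejected.append(raw.strip())
    return enabled, rules, rejected

def asdm_verdict(config, client_ip, ingress_if):
    """Explain whether client_ip arriving on ingress_if matches an http rule."""
    enabled, rules, _ = parse_http(config)
    if not enabled:
        return "http server not enabled"
    on_if = [net for net, ifname in rules if ifname == ingress_if]
    if not on_if:
        return f"no http rule names interface {ingress_if}"
    if not any(ipaddress.ip_address(client_ip) in net for net in on_if):
        return f"{client_ip} not covered by http rules on {ingress_if}"
    return "allowed"
```

Calling `asdm_verdict(SAMPLE_CONFIG, "192.168.40.197", "intf4")` reports that no `http` rule names `intf4`, since the only rule in the sample is bound to `inside`.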

Hi Anu

Thank you for responding to my question. It didn't work but what you said is exactly what I thought. Thanks.

Next silly question: if I telnet into the PIX by entering the password, is that the same username and password that I would enter if I were logging into the ASDM?

Ralph

I decided to access ASDM and console in at the same time. My tool is logging errors.

I believe it's a denial from my firewall, as no rule is set on this new interface, so it's an implicit denial.

The log is showing this error when I try to log into the ASDM:

TCP access denied by ACL from 192.168.40.197/7897 to intf4:192.168.40.2/443

I added this statement in

access-list intf4 extended permit tcp 192.168.40.0 255.255.255.0 interface intf4 eq https

I am getting the same error.

Hi Ralph,

Please post the output of "sh run" here.

Regards,

Anu


Hi Anu

I am unable to do that for security reasons.

Hi Mario

Give me a few mins and I will find out.

It's running 6.1

ASDM supports Cisco PIX Security Appliance Software Version 7.0+, is this what you have?

What I can give is this

interface Ethernet4

Vlan 40

nameif intf4

security-level 8

ip address 192.168.40.2 255.255.255.0

ospf cost 10

access-list intf4 extended permit tcp 192.168.40.0 255.255.255.0 interface intf4 eq https

http server enable

http 192.168.40.0 255.255.255.0 inside

The error

TCP access denied by ACL from 192.168.40.197/7897 to intf4:192.168.40.2/443

192.168.40.197 is the PC that I am trying to connect to using the ASDM. The intf4 is the 4th interface on the PIX that is also set up on Vlan 40. I am looking at the rule that I set and I don't see what I did wrong.

I am wondering if it's the netmask. Could it be an inverse mask? Should I try 0.0.0.255?

I'd try that and see if it helps.

I tried

https://192.168.40.2:444 and I get "Internet Explorer cannot display the page". But I do not get a denial of service from the PIX. No errors.

https://192.168.40.2:443 I get a denial of service and cannot display the page.

When I use the ASDM software I just get a denial of service with no connection.

Hey Ralph,

Sorry for getting back to you late. Can you try upgrading the ASDM version to 6.1.5? Here is the link from where you can download the ASDM image:

http://www.cisco.com/cisco/software/release.html?mdfid=279513399&flowid=4462&softwareid=280775064&release=6.1.5&rellifecycle=&relind=AVAILABLE&reltype=latest

Here is the procedure to upgrade:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml#maintask2

Hope this helps!

Regards,

Anu

Hi Ralph,

So, the ASDM version is 6.1. What about the PIX version? The inverse mask cannot be used on the PIX. What error message do you see when you try to access the ASDM? Are you trying to access using the browser or the launcher? Are you using webvpn? If yes, try changing the port to another one, like 444 (http server enable 444), and then type https://192.168.40.2:444. This should take you to the ASDM page.

Also, verify the Java version that you're running on your PC.

Let me know.

Regards,

Anu

Mario, Anu

Made a mistake on the versions.

I made a mistake in my notes.

Cisco PIX Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 18:25 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
