second ASA5510 for development work

Answered Question
Jun 7th, 2012

Up to now we've been making configuration changes to a production unit.  Not such a good idea.

We just bought a second ASA5510 to be used as a test unit but we're having trouble getting past the install of ASDM.  We used the console interface to reset the unit to factory settings and then we followed the Cisco Getting started guide. 

We are connected to the management port using a crossover cable (per the instructions) and we opened a web browser to the following URL (again... per the instructions): https://192.168.1.1/admin. As expected, we receive a certificate warning that we are instructed to ignore.  We click on continue and we receive the dreaded "Unable to Launch Device Manager from 192.168.1.1" and the only option is to hit OK.

I realize it's not much to go on, but that's all we've got.  We can connect using the Console port and execute commands but at this point we would prefer using the ASDM.  I'm assuming the ASDM image is either not on the disk in the ASA or, if it is, there is something wrong with it.

Yes, we enabled HTTP on the management port.

Any ideas/suggestions would be greatly appreciated.

Ed

Jennifer Halim Thu, 06/07/2012 - 19:21

Can you please share the config "sh run" from your console access.

Also share the output of "sh flash"

smsbconsulting Sun, 06/10/2012 - 07:01

Sorry I took so long to get back to you.  Here are the two listings you requested.

Thanks again.

Ed

                  

ciscoasa#
ciscoasa# sh ru
: Saved
:
ASA Version 8.2(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:eab690a0461cde55ad2ef8cf420385dc
: end
ciscoasa#
ciscoasa# sh flash
--#-- --length-- -----date/time------ path
76 15261696 Oct 04 2011 17:59:08 asa824-k8.bin
3 2048 Oct 04 2011 18:04:32 log
8 2048 Oct 04 2011 18:05:02 crypto_archive
9 2048 Oct 04 2011 18:05:04 coredumpinfo
10 43 Oct 04 2011 18:05:04 coredumpinfo/coredump.cfg
62904320 bytes total (47357952 bytes free)
ciscoasa#

smsbconsulting Sun, 06/10/2012 - 14:10

Jennifer

Please excuse my ignorance but I have no idea how to copy the asdm image to flash. 

Some background information...

I am connected to the console port of the ASA via ComPort1 on a Windows Server 2003 using hyperterminal.  I can execute CLI commands through the hyperterminal screen but when I attempt to execute the instructions in the link you provided I get an error.

The instructions I am attempting to follow are...

To specify the location of the ASDM software image in Flash memory, use the asdm image command in global configuration mode. 

When I execute the asdm image command I get an error with the error pointer indicating the word image as the problem.  Perhaps the image must already exist on disk0 before I execute the asdm image command using the .bin file name.

I have the ASDM.bin file on a CD I got from Cisco but I have no idea how to copy that image from CD to the flash (disk0) on the ASA.  In fact... I have no idea how to copy anything to the disk on the ASA.  Perhaps I need to configure one of the ASA ports as "inside" on the same subnet as the Windows server so I can access the TFTP server I have running on the Windows 2003 machine.

As you might have expected... I already attempted the TFTP copy command but when I enter the IP of the host and then enter the name of the asdm.bin file I get a "device not found" error.  Not surprising that the "device" is not found given the fact that the ASA knows nothing about the TFTP server running on the Windows 2003 machine.  I'm assuming the ASA doesn't know how to (or can't) connect to the TFTP server via the Console port if the only information the ASA has is the IP address of the TFTP server and the only connection to the TFTP server is through an old com port.

As you can see I'm lost in a sea of unknowns.  If someone could just point me in the right direction... like how do I get the ASA to connect to my TFTP server.... or, is there another way to copy the .bin file from the Cisco CD to the flash (disk0)?

Thanks for your help.

Ed

Correct Answer
Jennifer Halim Sun, 06/10/2012 - 19:57

hi Ed,

Since you already have your management port configured with an IP address, you can connect a PC directly to that management port, and give your PC an IP address of 192.168.1.5 (mask: 255.255.255.0), default gateway: 192.168.1.1.

Your PC should have the TFTP server enabled, with the ASDM.bin image on the default directory of your TFTP server.

Then from the CLI, make sure you can ping to and from the PC and ASA (from PC, see if you can ping 192.168.1.1, and from ASA, see if you can ping 192.168.1.5).

Then to copy the file: type: copy tftp flash, and then just follow the prompt.

Once it's transferred, if you issue "sh flash", you should see that ASDM image in your flash.

Once it's in flash, then go to "config t" mode, then issue: "asdm image flash:/"

smsbconsulting Mon, 06/11/2012 - 05:03

Thank you Jennifer

Your instructions were crystal clear and right on the money.  ASDM is up and running.

Ed
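
An added example, not part of the original thread and not Cisco tooling: a Python check run over the kind of "sh run" and "sh flash" output posted above, reporting which ASDM prerequisites are missing (HTTP server, an http rule covering the client, an "asdm image" line, and the image file in flash). The sample text is constructed by abbreviating the listings in the thread; the function names and the asdm*.bin naming pattern are assumptions.

```python
import ipaddress
import re

# Constructed sample, abbreviated from the "sh run" / "sh flash" listings in the thread.
SHOW_RUN = """\
interface Management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 management
"""
SHOW_FLASH = """\
--#-- --length-- -----date/time------ path
76 15261696 Oct 04 2011 17:59:08 asa824-k8.bin
10 43 Oct 04 2011 18:05:04 coredumpinfo/coredump.cfg
"""
ROW = re.compile(r"\s*\d+\s+(\d+)\s+\w{3}\s+\d{2}\s+\d{4}\s+[\d:]{8}\s+(\S+)\s*$")
HTTP = re.compile(r"http (\d[\d.]*) (\d[\d.]*) \S+$")

def flash_files(show_flash):
    """Map path -> length for each file row of 'show flash' output."""
    rows = (ROW.match(line) for line in show_flash.splitlines())
    return {m.group(2): int(m.group(1)) for m in rows if m}

def asdm_findings(show_run, show_flash, client_ip):
    """Return reasons ASDM would not launch for client_ip (empty list: none found)."""
    lines = [line.strip() for line in show_run.splitlines()]
    files = flash_files(show_flash)
    findings = []
    if "http server enable" not in lines:
        findings.append("http server is not enabled")
    rules = (HTTP.match(line) for line in lines)
    nets = [ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            for m in rules if m]
    if not any(ipaddress.ip_address(client_ip) in net for net in nets):
        findings.append(f"no http rule permits {client_ip}")
    image = next((l.split()[2] for l in lines if l.startswith("asdm image ")), None)
    if image is None:
        findings.append("no asdm image line in the configuration")
    elif image.split(":", 1)[-1].lstrip("/") not in files:
        findings.append(f"configured image {image} is not in flash")
    # Assumption: ASDM images are named asdm*.bin; adjust if yours is named otherwise.
    if not any(re.match(r"asdm.*\.bin$", p, re.I) for p in files):
        findings.append("no asdm*.bin file in flash")
    return findings

if __name__ == "__main__":
    for finding in asdm_findings(SHOW_RUN, SHOW_FLASH, "192.168.1.5"):
        print("-", finding)
```
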

Posted June 7, 2012 at 3:27 PM