06-07-2012 03:27 PM - edited 03-11-2019 04:16 PM
Up to now we've been making configuration changes to a production unit. Not such a good idea.
We just bought a second ASA5510 to be used as a test unit but we're having trouble getting past the install of ASDM. We used the console interface to reset the unit to factory settings and then we followed the Cisco Getting started guide.
We are connected to the management port using a crossover cable (per the instructions) and we opened a web browser to the following URL (again... per the instructions): https://192.168.1.1/admin. As expected, we receive a certificate warning that we are instructed to ignore. We click on continue and we receive the dreaded "Unable to Launch Device Manager from 192.168.1.1" and the only option is to hit OK.
I realize it's not much to go on, but that's all we've got. We can connect using the Console port and execute commands but at this point we would prefer using the ASDM. I'm assuming the ASDM image is either not on the disk in the ASA or, if it is, there is something wrong with it.
Yes we enable HTTP on the management port.
Any ideas/suggestions would be greatly appreciated.
Ed
06-07-2012 07:21 PM
Can you please share the config "sh run" from your console access.
Also share the output of "sh flash"
06-10-2012 07:01 AM
Sorry I took so long to get back to you. Here are the two listings you requested.
Thanks again.
Ed
ciscoasa#
ciscoasa# sh ru
: Saved
:
ASA Version 8.2(4)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
pager lines 24
logging asdm informational
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
!
prompt hostname context
Cryptochecksum:eab690a0461cde55ad2ef8cf420385dc
: end
ciscoasa#
ciscoasa# sh flash
--#-- --length-- -----date/time------ path
76 15261696 Oct 04 2011 17:59:08 asa824-k8.bin
3 2048 Oct 04 2011 18:04:32 log
8 2048 Oct 04 2011 18:05:02 crypto_archive
9 2048 Oct 04 2011 18:05:04 coredumpinfo
10 43 Oct 04 2011 18:05:04 coredumpinfo/coredump.cfg
62904320 bytes total (47357952 bytes free)
ciscoasa#
06-10-2012 07:39 AM
2 things:
1) You haven't got the ASDM image uploaded to the flash.
2) Also you would need to configure the ASDM location on the ASA.
Upload the latest ASDM image to your ASA, then configure "asdm image flash:/
Here is the command for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1663919
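The checks behind this diagnosis, as an added example that is not from any poster in this thread or from Cisco: it reads saved "sh run" and "sh flash" output and lists what keeps ASDM from launching for a given client address. The function names, the abbreviated sample listings and the rule that an ASDM image is a file named asdm*.bin are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample input, abbreviated from the listings posted in this thread.
SH_RUN = """\
interface Management0/0
 nameif management
 ip address 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 management
"""
SH_FLASH = """\
--#--  --length--  -----date/time------  path
   76  15261696    Oct 04 2011 17:59:08  asa824-k8.bin
    3  2048        Oct 04 2011 18:04:32  log
62904320 bytes total (47357952 bytes free)
"""

def flash_files(sh_flash):
    """Return the path column of each 'sh flash' entry."""
    row = re.compile(r"^\s*\d+\s+\d+\s+\w{3} \d{2} \d{4} [\d:]+\s+(\S+)\s*$", re.M)
    return row.findall(sh_flash)

def asdm_findings(sh_run, sh_flash, client_ip):
    """List the reasons ASDM cannot be launched from client_ip (hypothetical helper)."""
    findings = []
    files = flash_files(sh_flash)
    # Assumption: an ASDM image is recognised by an asdm*.bin file name.
    if not any(f.lower().startswith("asdm") and f.lower().endswith(".bin") for f in files):
        findings.append("no ASDM image in flash")
    m = re.search(r"^asdm image \S+?:/?(\S+)", sh_run, re.M)
    if m is None:
        findings.append("no 'asdm image' command in the configuration")
    elif m.group(1) not in files:
        findings.append("'asdm image' points at a file that is not in flash")
    if not re.search(r"^http server enable\b", sh_run, re.M):
        findings.append("HTTPS server is not enabled")
    allowed = [ipaddress.ip_network(f"{net}/{mask}")
               for net, mask in re.findall(r"^http (\d\S+) (\d\S+) \S+", sh_run, re.M)]
    if not any(ipaddress.ip_address(client_ip) in n for n in allowed):
        findings.append(f"{client_ip} is not in any 'http' allowed network")
    return findings

if __name__ == "__main__":
    for finding in asdm_findings(SH_RUN, SH_FLASH, "192.168.1.5"):
        print("FAIL:", finding)
```

The "http" network check is the one worth keeping after ASDM works: it shows which source addresses the ASA will accept management sessions from.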
06-10-2012 02:10 PM
Jennifer
Please excuse my ignorance but I have no idea how to copy the asdm image to flash.
Some background information...
I am connected to the console port of the ASA via ComPort1 on a Windows Server 2003 using hyperterminal. I can execute CLI commands through the hyperterminal screen but when I attempt to execute the instructions in the link you provided I get an error.
The instructions I am attempting to follow are...
To specify the location of the ASDM software image in Flash memory, use the asdm image command in global configuration mode.
When I execute the asdm image command I get an error with the error pointer indicating the word image as the problem. Perhaps the image must already exist on disk0 before I execute the asdm image command using the .bin file name.
I have the ASDM.bin file on a CD I got from Cisco but I have no idea how to copy that image from CD to the flash (disk0) on the ASA. In fact... I have no idea how to copy anything to the disk on the ASA. Perhaps I need to configure one of the ASA ports as "inside" on the same subnet as the Windows server so I can access the TFTP server I have running on the Windows 2003 machine.
As you might have expected... I already attempted the TFTP copy command but when I enter the IP of the host and then enter the name of the asdm.bin file I get a "device not found" error. Not surprising that the "device" is not found given the fact that the ASA knows nothing about the TFTP server running on the Windows 2003 machine. I'm assuming the ASA doesn't know how to (or can't) connect to the TFTP server via the Console port if the only information the ASA has is the IP address of the TFTP server and the only connection to the TFTP server is through an old com port.
As you can see I'm lost in a sea of unknowns. If someone could just point me in the right direction... like how do I get the ASA to connect to my TFTP server.... or, is there another way to copy the .bin file from the Cisco CD to the flash (disk0)?
Thanks for your help.
Ed
06-10-2012 07:57 PM
hi Ed,
Since you already have your management port configured with IP Address, you can connect a PC directly to that management port, and give your PC an ip address of 192.168.1.5 (mask: 255.255.255.0), default gateway: 192.168.1.1.
Your PC should have the TFTP server enabled, with the ASDM.bin image on the default directory of your TFTP server.
Then from the CLI, make sure you can ping to and from the PC and ASA (from PC, see if you can ping 192.168.1.1, and from ASA, see if you can ping 192.168.1.5).
Then to copy the file: type: copy tftp flash, and then just follow the prompt.
Once it's transferred, if you issue "sh flash", you should see that ASDM image in your flash.
Once it's in flash, then go to "config t" mode, then issue: "asdm image flash:/
06-11-2012 05:03 AM
Thank you Jennifer
Your instructions were crystal clear and right on the money. ASDM is up and running.
Ed