Hi Julio,

Thanks for the reply. I was using Java 5 and recently upgraded to 7 because of this issue.

It is not prompting for username and password, It throws the error before that "unable to load application"

As requested, Please see the below capture.

bej5505fw01(config)# show cap asp | include 10.103.154.213

586: 05:58:08.614287 802.1Q vlan#1 P0 10.103.154.213.3883 > 10.102.48.2.443: F 3020129898:3020129898(0) ack 3841894189 win 65528

Cheers

Ram

Hello,

So you had the issue while ussing java 5??? Is that correct? Are you 100 % sure of that??

I am asking that because there are known issues with ASDM while using java version 7.

Can you provide me the following:

show run ssl

Any other question..Sure..Just remember to rate all the helpful posts.

Hi,

Yes, I had issues while using Java 5. So i updated it to version 7.

bej5505fw01# sh run ssl

ssl encryption des-sha1

Hello Ramkumar,

Okay...

Do the following for me:

Show version and provide me the output

We are getting closer already know what is the issue

Regards,

Julio

Hi Julio:

I am having the same issue, but after running the command ssl encryption aes256-sha1 des-sha1 3des-sha1, it didn't fix my issue.

I did debug http, and it gives me the following message:

sec/act(config)# listen: Received HTTP request.
Started http listen on interface MGMT port 443
HTTP: processing GET URL '/admin/public/index.html' from host 10.1.16.255
HTTP: authentication not required
HTTP: file not found: public/index.html

Any help is appreciated.

Here you go...

bej5505fw01# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(2)

Device Manager Version 6.4(5)

Compiled on Fri 30-Jul-10 17:49 by builders

System image file is "disk0:/asa832-k8.bin"

Config file at boot was "startup-config"

bej5505fw01 up 4 days 1 hour

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz

Internal ATA Compact Flash, 128MB

BIOS Flash M50FW080 @ 0xfff00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)

                             Boot microcode   : CN1000-MC-BOOT-2.00

                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03

                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06

0: Int: Internal-Data0/0    : address is 0023.33cd.ffcb, irq 11

1: Ext: Ethernet0/0         : address is 0023.33cd.ffc3, irq 255

2: Ext: Ethernet0/1         : address is 0023.33cd.ffc4, irq 255

3: Ext: Ethernet0/2         : address is 0023.33cd.ffc5, irq 255

4: Ext: Ethernet0/3         : address is 0023.33cd.ffc6, irq 255

5: Ext: Ethernet0/4         : address is 0023.33cd.ffc7, irq 255

6: Ext: Ethernet0/5         : address is 0023.33cd.ffc8, irq 255

7: Ext: Ethernet0/6         : address is 0023.33cd.ffc9, irq 255

8: Ext: Ethernet0/7         : address is 0023.33cd.ffca, irq 255

9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255

10: Int: Not used            : irq 255

11: Int: Not used            : irq 255

Licensed features for this platform:

Maximum Physical Interfaces    : 8              perpetual

VLANs                          : 3              DMZ Restricted

Dual ISPs                      : Disabled       perpetual

VLAN Trunk Ports               : 0              perpetual

Inside Hosts                   : Unlimited      perpetual

Failover                       : Disabled       perpetual

VPN-DES                        : Enabled        perpetual

VPN-3DES-AES                   : Enabled        perpetual

SSL VPN Peers                  : 2              perpetual

Total VPN Peers                : 10             perpetual

Shared License                 : Disabled       perpetual

AnyConnect for Mobile          : Disabled       perpetual

AnyConnect for Cisco VPN Phone : Disabled       perpetual

AnyConnect Essentials          : Disabled       perpetual

Advanced Endpoint Assessment   : Disabled       perpetual

UC Phone Proxy Sessions        : 2              perpetual

Total UC Proxy Sessions        : 2              perpetual

Botnet Traffic Filter          : Enabled        460 days

Intercompany Media Engine      : Disabled       perpetual

This platform has a Base license.

Serial Number: JMX1245Z1TF

Running Permanent Activation Key: 0x173ccb69 0x4cf555d3 0x10230dcc 0xb6a8580c 0x8f0616bb

Running Timebased Activation Key: 0x3a1bf4e2 0xa175ee9d 0x25bb0a5f 0xe7dff0cb 0xc3b50abe

Configuration register is 0x1

Configuration last modified by hartmannj at 07:05:48.057 UTC Mon Oct 15 2012

You are the MAN...

It is working now, how did you identify the issue ?

Hello Ramkumar,

Long time working on cases like this

With issues like this I start with the basics:

- Check the ASDM image is in flash

-Check the http server service on the asa is enabled for the right subnets

-Check the java version

-Check the ssl encryption algorithm used by the asa ( and here is where your problem was, as you were using a poor encryption algorithm different from what the client was trying to use, so as soon as we changed the client and server were able to negotiate and maintain the TLS/SSL session)

Hope this helps,

Julio

Great, Thanks a lot Julio.

Do Keep in touch, my Facebook ID ramuccna@gmail.com if interested just send an invite.

Thanks for your time mate.

Cheers

Ram

Hello,

Sure, my pleasure

Regards

Hi dear,

any reason you see why its not working for me .

HTTP: processing GET URL '/admin/public/jploader.jar' from host 10.202.10.33
HTTP: authentication not required
HTTP: sending file: public/jploader.jar, length: 67324
HTTP: processing GET URL '/admin/public/dm-launcher.jar' from host 10.202.10.33
HTTP: authentication not required
HTTP: sending file: public/dm-launcher.jar, length: 105006
HTTP: session verified =  [0]
HTTP: processing GET URL '/admin/public/lzma.jar' from host 10.202.10.33
HTTP: authentication not required
HTTP: sending file: public/lzma.jar, length: 9326
HTTP: session verified =  [0]
HTTP: processing GET URL '/admin/public/retroweaver-rt-2.0.jar' from host 10.202.10.33
HTTP: authentication not required
HTTP: sending file: public/retroweaver-rt-2.0.jar, length: 110994
HTTP: session verified =  [0]
HTTP: processing GET URL '/admin/public/asdm32.gif' from host 10.202.10.33
HTTP: authentication not required
HTTP: file not modified: public/asdm32.gif

Fixed my issue too.  I had recently removed an old certificate and added a new one and during the process it added the line " SSL encryption aes256-sha1", which wasn't there before.   After adding the full line "ssl encryption aes256-sha1 des-sha1 3des-sha1" it worked.  Thanks!   2 hours spent trying to figure out the problem.