
ASA 5505 after setting firewall transparent option by mistake.

jompolo01
Level 1

Hi, 

Unfortunately we changed the firewall transparent option by mistake. After disabling this option and restoring factory-default, it doesn't work properly. Any idea what the problem could be?

We are not able to access ASDM either.

ciscoasa(config)# show run
: Saved
:
: Serial Number: JMX2116G0MW
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.1(6)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.132 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password tNI7r9C.X0ogRftT encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:989ddd24855abf3ec829329d526438e6
: end

asa(config)# show ip
System IP Addresses:
Interface Name IP address Subnet mask Method
Vlan1 inside 192.168.1.1 255.255.255.0 CONFIG
Vlan2 outside 192.168.0.102 255.255.255.0 DHCP
Current IP Addresses:
Interface Name IP address Subnet mask Method
Vlan1 inside 192.168.1.1 255.255.255.0 CONFIG
Vlan2 outside 192.168.0.102 255.255.255.0 DHCP

Thanks in advance and regards

5 Replies

Marvin Rhoads
Hall of Fame

There's no ASDM image specified in the configuration.

Do a "dir" to see your image version available on disk and then specify it thus in the config:

asdm image disk0:/asdm-xxx.bin

(substituting your version for "xxx")

Unfortunately it didn't fix the issue.

It looks like after modifying the config someone overwrote the new one, and now if we do a default restore it is not configuring the same thing.

What happens when you try to access ASDM?

Please share the output of the following:

show firewall
show ver | i AES
show run asdm
dir

Please find attached:

ciscoasa# show firewall
Firewall mode: Router
ciscoasa# show ver | i AES
Encryption-3DES-AES : Enabled perpetual
ciscoasa# show run asdm
no asdm history enable
ciscoasa# dir

Directory of disk0:/

140 -rwx 27150336 11:36:40 Apr 21 2017 asa916-k8.bin
141 -rwx 28672 00:00:00 Jan 01 1980 FSCK0000.REC
20 drwx 2048 11:38:00 Apr 21 2017 coredumpinfo
142 -rwx 25627616 11:38:44 Apr 21 2017 asdm-752.bin
10 drwx 2048 11:40:28 Apr 21 2017 log
19 drwx 2048 11:40:46 Apr 21 2017 crypto_archive
143 -rwx 196 11:41:12 Apr 21 2017 upgrade_startup_errors_201704211141.log
145 -rwx 2048 00:00:00 Jan 01 1980 FSCK0001.REC
146 -rwx 12105313 11:45:34 Apr 21 2017 csd_3.5.841-k9.pkg
147 drwx 2048 11:45:38 Apr 21 2017 sdesktop
148 -rwx 2857568 11:45:38 Apr 21 2017 anyconnect-wince-ARMv4I-2.4.1012-k9.pkg
149 -rwx 3203909 11:45:40 Apr 21 2017 anyconnect-win-2.4.1012-k9.pkg
150 -rwx 4832344 11:45:42 Apr 21 2017 anyconnect-macosx-i386-2.4.1012-k9.pkg
151 -rwx 5209423 11:45:46 Apr 21 2017 anyconnect-linux-2.4.1012-k9.pkg
152 -rwx 28672 00:00:00 Jan 01 1980 FSCK0002.REC
153 -rwx 2048 00:00:00 Jan 01 1980 FSCK0003.REC

126971904 bytes total (43931648 bytes free)
ciscoasa#

Regards 

You don't seem to have added the image into the config as I recommended earlier.

Please do so as follows:

conf t
asdm image disk0:/asdm-752.bin
end
wr mem
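
The checks the replies above walk through, as an added example that is not part of the thread or Cisco's tooling: it reads a saved `show run` and `dir` capture, reports whether an `asdm image` line exists and points at a file on disk, and lists which `http` access entries would admit a given client. The function name `audit_asdm`, the sample strings (excerpted from the output posted above) and the client address are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: lines excerpted from the `show run` and `dir` output posted in this thread.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 outside
no asdm history enable
"""
SAMPLE_DIR = """\
140 -rwx 27150336 11:36:40 Apr 21 2017 asa916-k8.bin
142 -rwx 25627616 11:38:44 Apr 21 2017 asdm-752.bin
"""

def audit_asdm(config, dir_listing, client_ip=None):
    """Return a list of findings about ASDM reachability and management exposure."""
    findings = []
    files = {ln.split()[-1] for ln in dir_listing.splitlines() if ln.split()}
    image = re.search(r"^asdm image \S+?:/(\S+)$", config, re.M)
    if not image:
        on_disk = sorted(f for f in files if re.fullmatch(r"asdm-.*\.bin", f))
        findings.append(f"no 'asdm image' line; candidates on disk: {on_disk}")
    elif image.group(1) not in files:
        findings.append(f"asdm image {image.group(1)} not found in dir listing")
    if not re.search(r"^http server enable", config, re.M):
        findings.append("'http server enable' missing")
    # Map nameif -> security-level from the interface stanzas.
    levels = dict(re.findall(r"nameif (\S+)\n\s*security-level (\d+)", config))
    allowed = []
    for net, mask, ifname in re.findall(r"^http (\d\S+) (\d\S+) (\S+)$", config, re.M):
        allowed.append(ipaddress.ip_network(f"{net}/{mask}"))
        if levels.get(ifname) == "0":
            findings.append(f"ASDM/HTTPS management permitted from {net} {mask} on "
                            f"security-level 0 interface '{ifname}'")
    if client_ip and not any(ipaddress.ip_address(client_ip) in n for n in allowed):
        findings.append(f"client {client_ip} matches no 'http' access entry")
    return findings

if __name__ == "__main__":
    for finding in audit_asdm(SAMPLE_CONFIG, SAMPLE_DIR, client_ip="10.0.0.5"):
        print("-", finding)
```

Run against the posted output, it reports the missing `asdm image` line with `asdm-752.bin` as the only candidate, and also flags that the restored config permits ASDM from the `outside` interface.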