Solved: ASA 5510 ASDM browsing problem

shahid_duet · ‎11-28-2013

Dear boss

I am using ASA 5510. i can telnet to it from a PC and have permission for HTTP and ASDM.

OS: win server 2003; java 6; asdm 6;

when i browse it takes user and password two times then show as attach picture and no browser appears.

i cant configure it graphically :

Help me plese.

shahid

jumora · ‎11-28-2013

What are the exact versions that you are running on the ASA and ASDM.

When you actually try to load ASDM it has a java mug click on it and copy the output.

¨show run all SSL¨ would be nice and show version from the ASA to see if you have 3des enabled.

show resource usage resource asdm

On the ASA CLI you can run the next debug and copy the output and post it.

debug http

Value our effort and rate the assistance!

View solution in original post

johnlloyd_13 · ‎11-30-2013

Could you try this instead?

no ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 des-sha1
ssl encryption aes256-sha1 des-sha1 3des-sha1

Sent from Cisco Technical Support iPhone App

View solution in original post

jumora · ‎11-30-2013

Problem: Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 0"

This problem is caused by Cisco bug ID CSCsr89144 (registered customers only) in ASA running for more than one year with ASDM 6.0.3 or 6.1. As a result, ASDM cannot be launched.

Solution

This error can be resolved by reloading the ASA.

Value our effort and rate the assistance!

View solution in original post

jumora · ‎11-30-2013

As you can see the ASA is been up and running for over a year;

DMZASA1 up 1 year 5 days

This is a good link for ASDM tshoot:

http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml

Value our effort and rate the assistance!

View solution in original post

johnlloyd_13 · ‎11-28-2013

Hi,

It seems your browser and Java are ok.

Could you post 'show run http' and 'show run ssl' output?

Sent from Cisco Technical Support iPhone App

jumora · ‎11-28-2013

What are the exact versions that you are running on the ASA and ASDM.

When you actually try to load ASDM it has a java mug click on it and copy the output.

¨show run all SSL¨ would be nice and show version from the ASA to see if you have 3des enabled.

show resource usage resource asdm

On the ASA CLI you can run the next debug and copy the output and post it.

debug http

Value our effort and rate the assistance!

Marius Gunnerud · ‎11-28-2013

Please post the output of the following commands:

show run http

show run aaa

show run | in asdm

--

Please rate all helpful posts

--
Please remember to select a correct answer and rate helpful posts

shahid_duet · ‎11-29-2013

All of ur required output ::

DMZASA1# show run http
http server enable
http x.x.x.x 255.255.255.255 local
http x.x.x.x 255.255.255.255 local
http redirect local 80
DMZASA1# show run ssl
DMZASA1# show run all ssl
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
DMZASA1# show run aaa
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
DMZASA1# show run | in asdm
logging asdm informational
asdm image disk0:/asdm-603.bin
asdm history enable
DMZASA1# debug http
debug http enabled at level 1.
DMZASA1# show ver
DMZASA1# show version

Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(3)

Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Config file at boot was "startup-config"

DMZASA1 up 1 year 5 days

Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : ☻CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: ♥CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05

Can u please suggest me what can i do for ASDM luncher open.

johnlloyd_13 · ‎11-29-2013

Hi,

Can you add the 'des-sha1' keyword and try again?

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 des-sha1

Sent from Cisco Technical Support iPhone App

shahid_duet · ‎11-29-2013

hi johnlloyd

i added, but no change.

regards

shahid

johnlloyd_13 · ‎11-30-2013

Could you post the complete 'show version' output please?

Sent from Cisco Technical Support iPhone App

shahid_duet · ‎11-30-2013

DMZASA1# show ver

Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(3)

Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Config file at boot was "startup-config"

DMZASA1 up 1 year 5 days

Hardware: ASA5510, 202 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : ☻CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: ♥CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode : ☺CNlite-MC-IPSECm-MAIN-2.05
0: Ext: Ethernet0/0         : address is 0021.d871.820e, irq 9
1: Ext: Ethernet0/1         : address is 0021.d871.820f, irq 9
2: Ext: Ethernet0/2         : address is 0021.d871.8210, irq 9
3: Ext: Ethernet0/3         : address is 0021.d871.8211, irq 9
4: Ext: Management0/0       : address is 0021.d871.820d, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs                : 100
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
VPN Peers                    : 250
WebVPN Peers                 : 2
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled

This platform has an ASA 5510 Security Plus license.

Serial Number: JMXxxxxxxxxxx
Running Activation Key: 0xaf01406a 0xf0524a87 0xbc 0x4cc 0xcf90
Configuration register is 0x1
Configuration last modified by xxxx at 22:38:33.943 UTC Fri Nov 29 2013
DMZASA1#

johnlloyd_13 · ‎11-30-2013

Could you try this instead?

no ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 des-sha1
ssl encryption aes256-sha1 des-sha1 3des-sha1

Sent from Cisco Technical Support iPhone App

jumora · ‎11-30-2013

java info is missing, can you please get that information for me please, if you forgot what I asked please refer to my last post

Value our effort and rate the assistance!

jumora · ‎11-30-2013

Problem: Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 0"

This problem is caused by Cisco bug ID CSCsr89144 (registered customers only) in ASA running for more than one year with ASDM 6.0.3 or 6.1. As a result, ASDM cannot be launched.

Solution

This error can be resolved by reloading the ASA.

Value our effort and rate the assistance!

jumora · ‎11-30-2013

As you can see the ASA is been up and running for over a year;

DMZASA1 up 1 year 5 days

This is a good link for ASDM tshoot:

http://www.cisco.com/en/US/products/ps6121/products_tech_note09186a0080aaeff5.shtml

Value our effort and rate the assistance!

shahid_duet · ‎11-30-2013

Dear all

I did :

no ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 des-sha1

ssl encryption aes256-sha1 des-sha1 3des-sha1

Then tried but no result.

After reloading i get luncher is ok.

May be reload is the bests solution.

shahid

jumora · ‎12-01-2013

You can upgrade to not encounter the issue in future.

Value our effort and rate the assistance!