cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9198
Views
0
Helpful
8
Replies

ASA asdm not working

nareh84
Level 3
Level 3

hi,

when i am trying to access the webpage for asdm then the internet explorer is showing "internet explorer can not display the webpage" from the inside interface. following is the show version and show runing config. i checked with asdm 6.2.1 and 6.4.9.kindly suggest what could be the reason..

CBAH# sh version

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.4(9)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

CBAH up 15 hours 1 min

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is c84c.7599.4810, irq 9
1: Ext: GigabitEthernet0/1  : address is c84c.7599.4811, irq 9
2: Ext: GigabitEthernet0/2  : address is c84c.7599.4812, irq 9
3: Ext: GigabitEthernet0/3  : address is c84c.7599.4813, irq 9
4: Ext: Management0/0       : address is c84c.7599.480f, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Disabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
SSL VPN Peers                : 2
Total VPN Peers              : 750
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1432L0JM
Running Activation Key: 0x042cd360 0x4c819429 0xf4927584 0x8ea0082c 0x8f3d07bf
Configuration register is 0x1
Configuration last modified by enable_15 at 03:19:58.868 UTC Tue Jul 3 2012

show run

ASA Version 8.2(1)

!

hostname CBAH

domain-name corinthia.local

enable password 2KFQnbNIdI.2KYOU encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface GigabitEthernet0/0

nameif inside

security-level 100

ip address 192.168.1.216 255.255.255.0

!

interface GigabitEthernet0/1

nameif testing

security-level 100

ip address 192.168.2.1 255.255.255.0

!

interface GigabitEthernet0/2

shutdown

no nameif

no security-level

no ip address

<--- More --->

             

!

interface GigabitEthernet0/3

nameif outside

security-level 0

ip address 62.240.63.45 255.255.255.248

!

interface Management0/0

shutdown

nameif management

security-level 100

no ip address

management-only

!

ftp mode passive

dns domain-lookup outside

dns server-group DefaultDNS

name-server 62.240.32.5

name-server 62.68.42.2

name-server 4.2.2.2

name-server 4.2.2.3

domain-name corinthia.local

access-list outside_access_in extended permit icmp any any

access-list outside_access_in extended permit ip any any

access-list INTERNET extended permit ip 192.168.1.0 255.255.255.0 any

<--- More --->

             

access-list INTERNET extended permit ip 192.168.2.0 255.255.255.0 any

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu management 1500

mtu testing 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-649.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 access-list INTERNET

nat (inside) 1 192.168.1.0 255.255.255.0

nat (testing) 1 192.168.2.0 255.255.255.0

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 62.240.63.42 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

<--- More --->

             

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

<--- More --->

             

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:e8c7560ce2dc8a100cc77f09a2b80393

: end

CBAH# sh flash:

--#--  --length--  -----date/time------  path

  124  16275456    Aug 03 2010 10:09:54  asa821-k8.bin

  125  11348300    Aug 03 2010 12:17:30  asdm-621.bin

    3  4096        Jan 01 2003 00:03:50  log

   10  4096        Jan 01 2003 00:03:58  crypto_archive

   11  4096        Jan 01 2003 00:04:30  coredumpinfo

   12  43          Jul 03 2012 03:18:45  coredumpinfo/coredump.cfg

  127  12105313    Aug 03 2010 12:14:58  csd_3.5.841-k9.pkg

  128  4096        Aug 03 2010 12:15:02  sdesktop

  135  1462        Aug 03 2010 12:15:02  sdesktop/data.xml

  129  2857568     Aug 03 2010 12:15:02  anyconnect-wince-ARMv4I-2.4.1012-k9.pkg

  130  3203909     Aug 03 2010 12:15:04  anyconnect-win-2.4.1012-k9.pkg

  131  4832344     Aug 03 2010 12:15:06  anyconnect-macosx-i386-2.4.1012-k9.pkg

  132  5209423     Aug 03 2010 12:15:08  anyconnect-linux-2.4.1012-k9.pkg

  133  18927088    Jun 28 2012 08:09:30  asdm-649.bin

1 Accepted Solution

Accepted Solutions

The luink shoudl be working, I tried that again:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

To enter the license you need to do;

activation-key <5 tuple license key>

If the link does not work, send an e-mail to licensing@cisco.com and they would send you the license file.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

View solution in original post

8 Replies 8

varrao
Level 10
Level 10

You would need a 3DES license for it, kindly download and install the limcense from the link below, and it should work after that:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

Its for free.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

hi ,

the link is not working . Also tell me the proceedure to enter that license information in cisco asa.

Regards

Marvin Rhoads
Hall of Fame
Hall of Fame

Is the system you are coming from on the 192.168.1.0/24 network? The configuration command "http 192.168.1.0 255.255.255.0 inside" restricts ASDM access to systems there.

Your ASDM image is on the disk0:/ filesystem, yes? Please check "dir disk0: to confirm. ("show flash" is ambiguous in that respect.)

hi Marvin,

I checked disk0: .. yes the files are there.

Regards

The luink shoudl be working, I tried that again:

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139

To enter the license you need to do;

activation-key <5 tuple license key>

If the link does not work, send an e-mail to licensing@cisco.com and they would send you the license file.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

if user iscoming from 192.168.1.0 and ASDM is located on disk0:/ then I suspect client configuration issues.

Can you check output of asdm log ("show log asdm" from cli) during unsuccessful login attempt? Have you tried using ASDM applet on a working machine? Capture traffic on Wireshark while trying to login. These are all steps I would take in troubleshooting.

hi,

I activated the license but still it was not working..it worked when i added the command "ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1" and is working now..thanx

Interesting..i tore my hair off all day trying to get asdm to work after loading image again..i erased disk mistakenly..

at the end of the day, the command above also worked for me..gem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: