Cisco Support Community

New Member

ASA cannot logon w/ ASDM (SSH is OK)

all,

Since yesterday, I cannot log on with ASDM anymore.

When I run ASDM, I type in my pw, and the screen keeps displaying "contacting the device". No timeout, just stays this way.

I've updated the Java version, no luck.

I can connect with SSH with no problem.

device = asa5550, 8.2(1) asdm 6.2(1)

pieces of the config:

---

BE01NF21#sh run all ssl

ssl server-version any

ssl client-version any

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

BE01NF21#sh asp table socket     

Protocol  Socket    Local Address               Foreign Address         State

SSL       000028ef  192.168.126.1:443           0.0.0.0:*               LISTEN

TCP       000047df  192.168.126.1:22            0.0.0.0:*               LISTEN

TCP       0123e588  192.168.126.1:22            192.168.126.3:26807     ESTAB

---

(126.1 is the interface I connect to)

output of debug http 255:

---

HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:398)

HTTP: check admin session. Cookie index [-1][0]

HTTP: client certificate required = 0

--- no further output

On another ASA device the debug output is different (ASDM does work with this device):

---

HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:417)

HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]

HTTP: session verified =  [0]

HTTP: processing GET URL '/admin/version.prop' from host

etc...

---

Notice that there is no "with cookie-based authentication" here -- is this relevant?

Rebooting the device is not really an option... Does anyone have another idea??

THANKS !!

7 REPLIES
Red

Do you have any webvpn configured on port 443? Try enabling ASDM access on any other port.

https server enable 8443

and then access from browser:

http://:8443

Thanks,
Varun Rao
Security Team,
Cisco TAC

New Member

Unfortunately the result is the same -- "contacting the device" is all I get...

I can access the page from the browser (as I could before), I can start the Java ASDM, enter my credentials, then freeze...

Red

Can you reinstall the ASDM launcher on the machine??

Is it possible for you to upgrade to the latest ASDM software like 6.4.7 or 6.4.9? They are available on the Cisco site.

Thanks,
Varun Rao
Security Team,
Cisco TAC

New Member

ASDM 647 now

:-( still the same. I'm getting the impression that something is wrong internally and a reboot could solve it.

Any other thoughts?

It's very much appreciated - I hate to have to tell my CIO that I have to reboot this device - uptime 3yrs+ now! ...

Red

Do you have any command like:

aaa authentication http console LOCAL

Can you remove it and try again?

Is it the same with the launcher and browser??

Thanks,
Varun Rao
Security Team,
Cisco TAC

New Member

YES! I indeed had this "aaa authentication http console LOCAL"

Once I removed it, I could logon again.

But to my knowledge, this command was always there - very strange that this now was causing issues...

THANKS !!!!!

Red

That's great!!!!!!!!

Here's the reason -

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtt45397

Thanks,
Varun Rao
Security Team,
Cisco TAC
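
Added example, not part of the thread and not Cisco code: a small Python script that compares `debug http 255` traces like the two quoted in the original post, reporting for each ASDM request whether it took the "with cookie-based authentication" path and whether it ever reached "processing GET URL". The function names are hypothetical and the sample traces are constructed from the lines quoted above.

```python
import re

# Patterns copied from the two `debug http 255` traces quoted in the thread.
REQ = re.compile(r"HTTP: processing ASDM request \[(?P<url>[^\]]+)\]"
                 r"(?P<cookie> with cookie-based authentication)?")
SKIP = re.compile(r"HTTP: Do not check session\. Reasons: .*no AAA=\[(?P<flag>\d)\]")
GET = re.compile(r"HTTP: processing GET URL '(?P<url>[^']+)'")

# Constructed sample input: the lines the original poster quoted.
FAILING = """\
HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:398)
HTTP: check admin session. Cookie index [-1][0]
HTTP: client certificate required = 0
"""
WORKING = """\
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:417)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: session verified =  [0]
HTTP: processing GET URL '/admin/version.prop' from host
"""

def analyze(trace):
    """Return one record per ASDM request seen in a debug trace."""
    requests = []
    for line in trace.splitlines():
        m = REQ.search(line)
        if m:
            requests.append({"url": m["url"], "cookie_auth": m["cookie"] is not None,
                             "no_aaa_flag": None, "served": False})
        elif requests:
            cur = requests[-1]
            if (m := SKIP.search(line)):
                cur["no_aaa_flag"] = m["flag"]  # raw value as printed by the ASA
            elif (m := GET.search(line)) and m["url"] == cur["url"]:
                cur["served"] = True
    return requests

def stalled(trace):
    """URLs that were accepted but never reached 'processing GET URL'."""
    return [r["url"] for r in analyze(trace) if not r["served"]]

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        for r in analyze(trace):
            print(name, r)
        print(name, "stalled:", stalled(trace))
```

A trace captured while a request is still in flight is also reported as stalled, so compare against a capture that covers the whole login attempt.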
