Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASDM/Java issue - still.....

I am having the famous and much discussed issue of ASDM and Java 7 not being compatible. You launch ASDM and it hangs. To resolve you install the older, archived version of Java 1.5 or 1.6 and it works.

 

My question is - how come Cisco has never seen fit to release a patch or fix to correct this issue? 

 

 

11 REPLIES
Hall of Fame Super Silver

Cisco has updated ASDM and

Cisco has updated ASDM and has procedures posted in the release notes and in a dedicated document on how to use it with the more current Java releases.

I am using the current Java 8 Update 11 and using it to manage several customer ASAs running various ASDM releases .

New Member

I have Java 8 Update 31 and I

I have Java 8 Update 31 and I have a non self signed cert on the firewall and it still does not work. What am I doing wrong here? The cert is signed by GoDaddy and works great otherwise. 

Hall of Fame Super Silver

Doublecheck that the GoDaddy

Doublecheck that the GoDaddy certificate is bound to the interface you are using for management.

The easiest way is by browsing to the ASA i.e. https://<ASA mgmt address>/admin and then inspect / verify the certificate in your browser.

If that looks OK, then try also adding the ASA as a trusted site in Java's control panel.

New Member

Thanks for the reply. It is

Thanks for the reply. It is bound on all 3 interfaces. I have added both http and https sites as trusted sites already. I have tried all combinations of adding the cert to local cert stores, java control panel trusted certs, secure sites, trusted sites. No luck.

Hall of Fame Super Silver

I assume you've alllowed HTTP

I assume you've alllowed HTTP management from your client?

What do you see when browsing to the ASA /admin?

New Member

Yes. I am managing it from an

Yes. I am managing it from an old server with ASDM at the moment with Java 7 51. However on that server only webstart works no client. 

Hall of Fame Super Silver

Have you drilled down to Java

Have you drilled down to Java control panel messages and /or looked at a Packet Capture when you try to connect to see what might be happening at a debug level?

What ASDM version are you using? 

One other thought is to clear your Java cache.

New Member

No. I have I have not drilled

No. I have I have not drilled down or looked at a packet capture.

ASA Version: 9.3(2)
ASDM Version: 7.3(2)102
Device Type: ASA5512

 

com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://vpn.domain.com/admin/public/asdm.jnlp
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
 
 
 
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Hall of Fame Super Silver

Can you share "show run ssl"

Can you share "show run ssl" from the ASA cli?

New Member

ASA5512# sh run sslssl cipher

ASA5512# sh run ssl
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher sslv3 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl trust-point ASDM_TrustPoint0 inside
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 management

 

Hall of Fame Super Silver

You have strong ciphers as

You have strong ciphers as per the new 9.3(2) "ssl cipher" commands. So that should be OK for you.

We've covered all the obvious places to look.

I'd drill in further with the Java cache clearing and then trying again while doing a packet capture and/or debugging on the ASA to see what's going on in more detail.

844
Views
0
Helpful
11
Replies
CreatePlease to create content