Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASDM not working on new ASA

Hi Everyone,

I am setting up new ASA for testing purposes.

So far it has single interface Active which is management.

I can ssh to ASA  fine but ASDM is not working.

sh run http shows

sh run http

http server enable

http 172.31.20.0 255.255.255.0 management

sh run ssh

ssh 172.31.20.0 255.255.255.0 management.

Regards

MAhesh

  • Firewalling
5 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

ASDM not working on new ASA

Hi Mahesh

if the ASA you try to asdm is x generation, the problem is caused  by the command 'ssl encryption des-sha1'  all browsers will reject the ssl conection with that choise. to resolve

this you have to create another cipher for ssl, the folling will help you

'no ssl encryption des-sha1' 'ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1'

Best Regards,

New Member

ASDM not working on new ASA

Hi Mahesh, sorry but did you select the asdm image as source ?

asdm image disk0:/asdm-645.bin


is the asdm appropiate for your ios ?

asdm6.4 -> ASA8.4 or above = work

asdm6.4 -> ASA9.1 = dont work

Best Regards,

ASDM not working on new ASA

Hello,

Share the output of the following commands after the change

show run asdm

show flash | include asdm

show run ssl

What is the IP address you are using to connect?

cap capin interface management  match tcp host x.x.x.x (source host) y.y.y.y (management IP address) eq 443

Then connect once and share

show cap capin

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com

ASDM not working on new ASA

Please provide the rest of the outputs

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Hall of Fame Super Silver

ASDM not working on new ASA

Mahesh

I would think that the output from these 2 commands would be especially helpful

show run asdm

show flash | include asdm

HTH

Rick

14 REPLIES
New Member

ASDM not working on new ASA

Hi,

Did you upload ASDM image to the flash and configure it with:

asdm image flash:/-----

Please check the flash with "dir" to check if there is any existing ASDM image on the disk.

Thanks.

New Member

ASDM not working on new ASA

Hi Murad,

I checked dir  it sows flash is there.

Regards

mahesh

ASDM not working on new ASA

Hello share the following

show run asdm

show flash | include asdm

show run ssl

sh version

Regards

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ASDM not working on new ASA

Hi Julio,

sh run ssl foed not sjow any output

show flash | include asdm

  111  16280544    Jun 29 2011 12:10:58  asdm-645.bin

sh run asdm

no asdm history enable

sh ver shows

up 2 days 2 hours

Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1

0: Ext: GigabitEthernet0/0  : address is e8b7.483d.0d68, irq 9
1: Ext: GigabitEthernet0/1  : address is e8b7.483d.0d69, irq 9
2: Ext: GigabitEthernet0/2  : address is e8b7.483d.0d6a, irq 9
3: Ext: GigabitEthernet0/3  : address is e8b7.483d.0d6b, irq 9
4: Ext: Management0/0       : address is e8b7.483d.0d6c, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 150            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

This platform has an ASA 5520 VPN Plus license.

Regards

MAhesh

New Member

ASDM not working on new ASA

Hi Mahesh

if the ASA you try to asdm is x generation, the problem is caused  by the command 'ssl encryption des-sha1'  all browsers will reject the ssl conection with that choise. to resolve

this you have to create another cipher for ssl, the folling will help you

'no ssl encryption des-sha1' 'ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1'

Best Regards,

New Member

ASDM not working on new ASA

Hi Luis,

I tried above command still same thing.

Best regards

MAhesh

New Member

ASDM not working on new ASA

Hi Mahesh, sorry but did you select the asdm image as source ?

asdm image disk0:/asdm-645.bin


is the asdm appropiate for your ios ?

asdm6.4 -> ASA8.4 or above = work

asdm6.4 -> ASA9.1 = dont work

Best Regards,

New Member

ASDM not working on new ASA

Hi Luis,

I added the command asdm image disk0:/asdm-645.bin as it was not in config.

Still same thing.

Current ios is

Version 8.4(2)

Seems IOS is compatible with ASA.

Regards

MAhesh

ASDM not working on new ASA

Hello,

Share the output of the following commands after the change

show run asdm

show flash | include asdm

show run ssl

What is the IP address you are using to connect?

cap capin interface management  match tcp host x.x.x.x (source host) y.y.y.y (management IP address) eq 443

Then connect once and share

show cap capin

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
599
Views
0
Helpful
14
Replies
This widget could not be displayed.