
ASDM with ASA5505

Ahmad Khalifa
Level 1

Hello,

I have 4 pcs of ASA5505 firewalls.

The problem that I face: 2 of them working fine, when you go to the browser and type "https://192.168.1.1", nothing happens, but the other two firewalls are working fine; once I hit Enter, it goes to the ASDM page.

I reset the other two firewalls to factory default, and I erased the flash and reloaded them again; nothing happened.

I am using asa913-k8.bin; for ASDM, asdm-714.bin.

Any help regarding this issue?


13 Replies

Not sure what you mean when you say you erased the flash. Did you delete all the files stored in flash?

Could you post the output of the following commands:

show flash

show run

--

Please remember to select a correct answer and rate helpful posts


Yes, and I did copy the boot image again.


ciscoasa# sh flash:
--#--  --length--  -----date/time------  path
   81  2048        Jun 05 2014 05:07:42  boot
   89  204         Jun 05 2014 06:16:28  boot/grub.conf
    3  2048        Jun 05 2014 05:10:24  log
    6  2048        Jun 05 2014 05:10:38  crypto_archive
   10  2048        Jun 05 2014 05:10:52  coredumpinfo
   11  43          Jun 05 2014 05:10:52  coredumpinfo/coredump.cfg
   84  26984448    Jun 05 2014 06:01:08  asa913-k8.bin
   85  22658960    Jun 05 2014 06:03:14  asdm-714.bin

 

 

 

ciscoasa(config)# sh run
: Saved
:
ASA Version 8.3(1)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa913-k8.bin
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
!
object network obj_any
 nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:3df862f85e8ee462d0c302b5c7da1697
: end
ciscoasa(config)#

 

Thank you.

This is what I get in the browser:

This webpage is not available

When I use the Cisco ASDM-IDM Launcher:

"Unable to Launch Device Manager From 192.168.1.1"

They may be lacking the free (but necessary for ASDM) 3DES license.

Please check:

     show ver | i 3DES

If it is not active, you can go to the Cisco licensing portal ("Get New > IPS, Crypto or Other Licenses") and obtain a free license for that feature.

Hi

I ran the 3DES cmd:


ciscoasa(config)#  show ver | i 3DES
Encryption-3DES-AES               : Disabled       perpetual

 

But it was working before; what happened, I don't know.

Thank you all.

It's working now.

Try adding the following command and then test:

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1

What version of Java are you running on your PC? If you do not have the latest version, please update Java and then try again. If you are running the newest version, try downgrading Java and then try again.

If that doesn't work, enable logging and try to connect to the ASDM, and then check the logs to see if there is anything prohibiting access.

If none of those work, log into the CLI and issue the command debug http, then try to connect and see if there is any output in the debug.


Hi,

I tried the ssl cmd and here is the output:

"The 3DES/AES algorithms require a Encryption-3DES-AES activation key."

It was working before.

Debug http is enabled, but the ASA doesn't show anything even when there is an attempt to open the ASDM via http.

You need to reinstall the 3DES/AES strong encryption license. As Marvin has mentioned, it is a free download from Cisco.

Hi,

I tried the new key:


ciscoasa(config)#      show ver | i 3DES
Encryption-3DES-AES               : Enabled        perpetual

But the ASDM is not working, and also the debug is not working; I mean it doesn't detect any attempt to access.

 

Is this still not working?

If not, can you confirm your ASDM attempts are from a host in the inside 192.168.1.0/24?

A few posts up he says that it is working:

Thank you all.
It's working now.

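The checks suggested across this thread (the 3DES/AES license, `http server enable`, the `http` allow-list for the inside subnet, and the ASDM image in flash) can be run in one pass over saved CLI output. The Python below is an added example, not part of the original thread or of any Cisco tool; the function name `asdm_preflight` is hypothetical, and the sample text is excerpted from the outputs posted above.

```python
import ipaddress
import re

# Sample text excerpted from the CLI outputs posted in this thread.
SHOW_VER_BEFORE = "Encryption-3DES-AES               : Disabled       perpetual"
SHOW_VER_AFTER = "Encryption-3DES-AES               : Enabled        perpetual"
SHOW_RUN = """\
asdm image disk0:/asdm-714.bin
http server enable
http 192.168.1.0 255.255.255.0 inside
"""
SHOW_FLASH = """\
   84  26984448    Jun 05 2014 06:01:08  asa913-k8.bin
   85  22658960    Jun 05 2014 06:03:14  asdm-714.bin
"""


def asdm_preflight(show_ver, show_run, show_flash, client_ip):
    """Return the findings that would block ASDM access; an empty list means none."""
    findings = []

    # 1. Strong-encryption license, as reported by "show ver | i 3DES".
    m = re.search(r"^Encryption-3DES-AES\s*:\s*(\w+)", show_ver, re.M)
    if not m or m.group(1) != "Enabled":
        findings.append("3DES/AES license not enabled")

    # 2. The HTTPS management server must be switched on.
    if not re.search(r"^http server enable\b", show_run, re.M):
        findings.append("http server not enabled")

    # 3. The client must fall inside one "http <net> <mask> <interface>" statement.
    client = ipaddress.ip_address(client_ip)
    nets = re.findall(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) \S+", show_run, re.M)
    allowed = [ipaddress.ip_network(f"{net}/{mask}", strict=False) for net, mask in nets]
    if not any(client in net for net in allowed):
        findings.append(f"{client_ip} not permitted by any http statement")

    # 4. The image named by "asdm image" must be present in the flash listing.
    img = re.search(r"^asdm image disk0:/(\S+)", show_run, re.M)
    files = {line.split()[-1] for line in show_flash.splitlines() if line.strip()}
    if not img or img.group(1) not in files:
        findings.append("asdm image missing from config or flash")

    return findings


if __name__ == "__main__":
    # 192.168.1.10 is a constructed client address inside the posted inside subnet.
    print(asdm_preflight(SHOW_VER_BEFORE, SHOW_RUN, SHOW_FLASH, "192.168.1.10"))
```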