Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cannot open ASA through ASDM but I can open it through SSH

Hi guys

I have a problem right now, in fact I was searching for all the forum and I couldn't find any topic that could help me. Let me explaing you the situation: I got 2 firewalls which are connected as failover, the problem is with the ACTIVE device because I can access through SSH but if I'm trying to open it via ASDM it brings me an error UNABLE TO LAUNCH DEVICE MANAGER FROM X.X.X.X. I'm running the latest version of ASDM 8.2(2)17 in fact we already rewrite the file in the firewall but the problem is still there. And about the other device, I mean the one that is as STANDBY is working fine I'm able to access through ASDM and SSH and we already compare it and both have the same configuration.

So if you have any suggestion I will apreciate it.

Regards

Everyone's tags (9)
18 REPLIES
Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

This document may help you troubleshoot:

https://supportforums.cisco.com/docs/DOC-13012

Things to check are the output of 'show run http', 'show run asdm', 'show flash', and 'show ver'. You can also enable 'debug http', which may provide some insight into what the problem is. Also, you might try connecting from a different PC to rule out any client or Java issues.

If the above document doesn't help, please post the output of all the above commands.

-Mike

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi mirober2

I already check link that you gave but it didn't work, here are the results of the commands

sat320a-asa5520-1# sh run asdm
asdm image disk0:/asdm-634.bin
asdm history enable

sat320a-asa5520-1# sh flash
--#--  --length--  -----date/time------  path
    3  8192        Oct 08 2009 11:00:52  log
   41  4181246     Dec 31 2002 18:08:08  securedesktop-asa-3.2.1.103-k9.pkg
   42  398305      Dec 31 2002 18:08:30  sslclient-win-1.1.0.154.pkg
   10  8192        Apr 16 2009 16:02:20  crypto_archive
   44  14503836    Oct 04 2010 17:30:21  asdm-634.bin
   45  11348300    Oct 08 2009 10:58:52  asdm-621.bin
   11  8192        Oct 08 2009 11:02:16  coredumpinfo
   12  43          Jul 12 2010 05:30:42  coredumpinfo/coredump.cfg
   46  8192        Oct 23 2009 21:05:40  tmp
   47  2118        Feb 27 2010 01:29:44  old_running.cfg
   48  1323        Feb 27 2010 01:29:44  admin.cfg
   49  82759       Oct 04 2010 17:12:06  SAT-VPN.cfg
   50  2177        Oct 01 2010 16:20:10  SAT-VIVA.cfg
   51  16293888    Jul 12 2010 05:29:56  asa821-3-k8.bin
   52  16478208    Oct 01 2010 15:12:10  asa822-17-k8.bin

sat320a-asa5520-1/SAT-VPN# sh run | i http
service-object tcp eq https
service-object tcp eq https
service-object tcp eq https
http server enable
http 189.206.211.0 255.255.255.0 inside
http 189.206.214.0 255.255.255.0 inside

sat320a-asa5520-1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(2)17
Device Manager Version 6.3(4)

Compiled on Wed 26-May-10 19:02 by builders
System image file is "disk0:/asa822-17-k8.bin"
Config file at boot was "startup-config"

sat320a-asa5520-1 up 3 days 19 hours
failover cluster up 220 days 8 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is 0024.9750.3bb8, irq 9
1: Ext: GigabitEthernet0/1  : address is 0024.9750.3bb9, irq 9
2: Ext: GigabitEthernet0/2  : address is 0024.9750.3bba, irq 9
3: Ext: GigabitEthernet0/3  : address is 0024.9750.3bbb, irq 9
4: Ext: Management0/0       : address is 0024.9750.3bb7, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 150      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 5        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 2        
Total VPN Peers                : 750      
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has an ASA 5520 VPN Plus license.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

Did you try from another PC in the 189.206.211.0 or 189.206.214.0 subnets? What does the output of 'debug http' show when you try to connect?

-Mike

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi

Well about your question of trying to access from a pc on the network 189.206.211.x well that's where I'm trying to access =S

And I was checking the debug http but it doesn't bring me anything.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi,

Are you using the ASDM launcher to start the ASDM ? Have you tried accessing the GUI by putting the URL in the browser

https://

Thanks,

Namit

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Yes I already try that but I getting the error of PAGE CANNOT BE DISPLA, any other suggestion?? =(

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi Luis,

Can you also copy paste the java logs that you get when you start the connection from the ASDM launcher. Click on the 'cup' icon on the right bottom corner of the ASDM launcher where you enter your credentials and press 5 to get the debugs on the screen. Then enter your credentials and try to log into ASDM.

Reagrds,

Rahul

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Here is the output of the Java

Local Launcher Version = 1.5.50
Local Launcher Version Display = 1.5(50)
OK button clicked
Trying for ASDM Version file; url = https://10.7.9.20/admin/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at com.cisco.launcher.y.a(Unknown Source)
    at com.cisco.launcher.y.if(Unknown Source)
    at com.cisco.launcher.r.a(Unknown Source)
    at com.cisco.launcher.s.do(Unknown Source)
    at com.cisco.launcher.s.null(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Trying for IDM. url=https://10.7.9.20/idm/idm.jnlp/
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
    at com.cisco.launcher.w.a(Unknown Source)
    at com.cisco.launcher.s.for(Unknown Source)
    at com.cisco.launcher.s.new(Unknown Source)
    at com.cisco.launcher.s.access$000(Unknown Source)
    at com.cisco.launcher.s$2.a(Unknown Source)
    at com.cisco.launcher.g$2.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Regards

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

I made a mistake I have the ASDM version 6.3(4)

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Can you give the command " ssl encryption aes128-sha1" on the ASA and try.

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

I already try the command but it didn't work =S and the same log appear on the java console.

Regards

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Do you have webvpn enabled on the ASA ? Also what is the error when you get when you try to access the GUI via the browser as suggested by Namit ?

Regards

Rahul

Cisco Employee

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi,

Please paste the output of the following command

show bootvar

show asdm image

sh flash

sh run | in http

Thanks,

Namit

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Any chance you have a proxy configured on the web browser you're trying to access ASDM from?

Highlighted

Re: Cannot open ASA through ASDM but I can open it through SSH

ASA(config)#asdm image < location of asdm image

HTH,

HARI

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Did this ever get resolved?  I'm experiencing the same issue on an ASA that I used to be able to get to via ASDM.  I've tried it from two different computers from two different subnets via ASDM launcher and HTTPS.  Any help would be appreciated.

Thanks!

New Member

Re: Cannot open ASA through ASDM but I can open it through SSH

Hi:

Well at the end I had to reload the ASA and then everything went back to normal, in fact I receive help from CISCO TAC and the told me that we need to install the lastest IOS version on the device because there was a bug on the version that we were using.

Regards

New Member

Thanks!  resolved for me.

Thanks!  resolved for me.

24639
Views
5
Helpful
18
Replies
CreatePlease login to create content