Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

not able to launch Cisco ASDM launcher

we have 2 FWs, working in active/active pattern, 1 is active for admin and passive ctx1, aonther is active for ctx1 and passive for admin, we configured "admin" as admin-context.

we can telnet/ssh to each context by using IP address, the problem is we are not able to access ctx1 via using ASDM, we confirmed that IOS and ASDM file are the same on both FWs.

what else we can do to make ctx1 being accessible by ASDM?

5 REPLIES
Silver

Re: not able to launch Cisco ASDM launcher

"show proc" and "show tcpstat" Use the above commands and verify the lp bound to port 443. Or restart and try again.

Silver

Re: not able to launch Cisco ASDM launcher

Hello Bindong,

As promised, here is the response -

In Multi-Context Mode, you can directly access the other context as follows:

https://AdminCtxtIP/asdm_handler?context=ctxname

Bottom line is, you always needs to access other context through the admin context.

Hope this answers your question.

Regards,

Mynul

New Member

Re: not able to launch Cisco ASDM launcher

thanks for your reply, I tried your URL and it returned me an "the webpage cannot be found"

and from the log of the ASA, I found the following msg (172.16.3.50 is client and 172.16.22.1 is ASA)

SINFWL001/Ctx1# sh log | inc 172.16.3.50

%ASA-7-725008: SSL client inside:172.16.3.50/2012 proposes the following 11 cipher(s).

%ASA-7-725012: Device chooses cipher : DES-CBC3-SHA for the SSL session with client inside:172.16.3.50/2012

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2012

%ASA-6-725007: SSL session with client inside:172.16.3.50/2012 terminated.

%ASA-6-302014: Teardown TCP connection 49491063 for inside:172.16.3.50/2012 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 837 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491081 for inside:172.16.3.50/2015 (172.16.3.50/2015) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2015 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2015 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2015

%ASA-6-725007: SSL session with client inside:172.16.3.50/2015 terminated.

%ASA-6-302014: Teardown TCP connection 49491081 for inside:172.16.3.50/2015 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 283 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491082 for inside:172.16.3.50/2016 (172.16.3.50/2016) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2016 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2016 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2016

%ASA-6-725007: SSL session with client inside:172.16.3.50/2016 terminated.

%ASA-6-302014: Teardown TCP connection 49491082 for inside:172.16.3.50/2016 to NP Identity Ifc:172.16.22.1/443 duration 0:00:01 bytes 1326 TCP FINs

%ASA-6-302013: Built inbound TCP connection 49491091 for inside:172.16.3.50/2018 (172.16.3.50/2018) to NP Identity Ifc:172.16.22.1/443 (172.16.22.1/443)

%ASA-6-725001: Starting SSL handshake with client inside:172.16.3.50/2018 for TLSv1 session.

%ASA-6-725003: SSL client inside:172.16.3.50/2018 request to resume previous session.

%ASA-6-725002: Device completed SSL handshake with client inside:172.16.3.50/2018

%ASA-6-605005: Login permitted from 172.16.3.50/2018 to inside:172.16.22.1/https for user "XXXXXX"

%ASA-6-725007: SSL session with client inside:172.16.3.50/2018 terminated.

%ASA-6-302014: Teardown TCP connection 49491091 for inside:172.16.3.50/2018 to NP Identity Ifc:172.16.22.1/443 duration 0:00:00 bytes 1219 TCP FINs

it looked that session terminated after username authentication. i can use that username and password to telnet

New Member

Re: not able to launch Cisco ASDM launcher

you can access only one context from the ASDM at a time, because it is something like opening a http session from your browser and can only access one ip address that belongs to the context.

New Member

Re: not able to launch Cisco ASDM launcher

thanks for all of your reply, i found the problem: it is stupid mistake i have made. thanks anyway!

620
Views
2
Helpful
5
Replies
CreatePlease to create content