Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

unable to launch asdm after asa8.0 upgrade

i've just upgraded to asa 8.0 and ASDM6. Everything seems to be working fine except the ADSM. Any thoughts?

myasa01# sh ver

Cisco Adaptive Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(5)51

Compiled on Thu 07-Aug-08 20:53 by builders

System image file is "disk0:/asa804-k8.bin"

myasa01# sh running-config management-access

management-access inside

myasa01# sh running-config asdm

asdm image disk0:/asdm-61551.bin

asdm history enable

myasa01# sh running-config http

http server enable

http 10.10.14.6 255.255.255.255 inside

myasa01# sh running-config access-group

access-group OutsideAllowedIn in interface outside

myasa01# dir flash:

Directory of disk0:/

115 -rwx 21986 18:35:08 Nov 12 2008 running-config.2008111201.cfg

117 -rwx 8294400 08:05:00 Dec 12 2006 asa721-25-k8.bin

118 -rwx 5539756 08:06:50 Dec 12 2006 asdm521.bin

119 -rwx 14137344 19:23:44 Nov 12 2008 asa804-k8.bin

121 -rwx 415956 10:34:02 Apr 10 2008 sslclient-win-1.1.4.176.pkg

123 -rwx 7605252 19:06:34 Nov 12 2008 asdm-61551.bin

124 -rwx 2154944 19:28:58 Nov 12 2008 anyconnect-win-2.2.0140-k9.pkg

###log entries###

Nov 14 2008 13:10:26 myasa01 : %ASA-3-710003: TCP access denied by ACL from 10.10.14.6/45666 to inside:10.10.14.2/443

Nov 14 2008 13:10:26 myasa01 : %ASA-7-710005: TCP request discarded from 10.10.14.6/45666 to inside:10.10.14.2/443

##Tracker results###

myasa01# packet-tracer input inside tcp 10.10.14.6 45663 10.10.14.2 443 detail

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b2570, priority=1, domain=permit, deny=false

hits=1132251, user_data=0x0, cs_id=0x0, l3_type=0x8

src mac=0000.0000.0000, mask=0000.0000.0000

dst mac=0000.0000.0000, mask=0000.0000.0000

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.2 255.255.255.255 identity

Phase: 4

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 10.10.14.0 255.255.255.0 inside

Phase: 5

Type: ACCESS-LIST

Subtype:

Result: DROP

Config:

Implicit Rule

Additional Information:

Forward Flow based lookup yields rule:

in id=0xc89b27e0, priority=0, domain=permit, deny=true

hits=3515, user_data=0x9, cs_id=0x0, flags=0x1000, protocol=0

src ip=0.0.0.0, mask=0.0.0.0, port=0

dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Result:

input-interface: inside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: drop

Drop-reason: (acl-drop) Flow is denied by configured rule

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: unable to launch asdm after asa8.0 upgrade

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)

Regards

Community Member

Re: unable to launch asdm after asa8.0 upgrade

Hi,

Device Manager Version 6.1(5)51 is having some issues,

The stable ASDM version for 8.0(4) was

6.0(3).

All the best.

4 REPLIES

Re: unable to launch asdm after asa8.0 upgrade

Hello,

I suggest,

1) Try reloading the device,

2) Uninstall previously installed ASDM in 10.10.14.6 (assuming this is your management computer), then access https://10.10.14.2 and reinstall new ASDM.

3)Make sure no SSLvpn is configured on this interface

4)Try using an identical ASDM image version like 6.0(x)

Regards

Community Member

Re: unable to launch asdm after asa8.0 upgrade

Rolling back to asdm6.0(3) and reloading was the key. Simply reloading or simply changing the asdm image wouldn't do it. Also, it's worth noting for posterity that:

1) removed the asdm configuration and the http configuration (clear configure httpd, clear configure asdm)

2) reloaded the device

3) configured the asdm image, the the httpd ACL then enabled the http server.

Thanks for you quick and thorough replies. The assist goes to chaitu_kranthi.

Community Member

Re: unable to launch asdm after asa8.0 upgrade

Hi,

Device Manager Version 6.1(5)51 is having some issues,

The stable ASDM version for 8.0(4) was

6.0(3).

All the best.

Community Member

Re: unable to launch asdm after asa8.0 upgrade

asdm-603.bin worked like a champ..see my reply to husycisco. Thanks again.

424
Views
5
Helpful
4
Replies
CreatePlease to create content