I am having trouble trying to log into my IPS 4260 sensor using ASDM-IDM. When I try to login I get the error message "Unable to launch device manager". When I look in the Java console I see a few of these messages:
"javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake"
I do have access to the sensor over SSH and I have done a tls generate-key. I am also able to access the sensor using IPS Manager Express, just not ASDM-IDM. The ASDM-IDM application I am using does work for my ASA 5525 and 5520s.
Does anyone know why I might be getting this error message?
Can you get to the sensor via web interface? Try that and launch IDM from there, could be some issues with the local install. I have had similar issues before.
When I try that I get a window that says "Unable to launch the application". After clicking the "Details" button, I get this message:
com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://10.1.1.18/public/idm/idm.jnlp
Yes I can ping it and I am able to connect to it using IPS Manager Express as noted in the original question. I don't have console access as it's in another location but I can access it over SSH.
That's Java issue. I'm running mac 10.9.5.
IPS 7.1 recommend Java JRE 1.5 or 1.6
How ever downgrading from Java 8 to Java 6 to get an application to work. But had no luck.
You must ensure that your JRE is truely 1.5 or 1.6
This works on downgrading 8 to 6
I had the same issue and was able to resolve this by doing the following:
First of all add the site to the Exception site list:
From Java control panel, click security click edit site list and add your device https://x.x.x.x
Next, adjust your SSL settings:
From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0".
Hope you had the same luck with this solution that I did.
I had to do what Brian did, and some more.
First I did Brian Green's steps of changing the SSL/TLS versions.
From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0"
Then, I also had to import the certificate files a very specific way. Fortunately getting into the Java options from Brian's hint opened up Pandora's box here, plus a little wireshark debugging made me certain that MY PC did NOT LIKE the certificate.
Here's what I did (all steps after 1-3 from Java Control Panel)
By the way the default 'High' securiy level worked just fine for me.
Thanks a million Bernard. Following through this procedure finally resolved both ASDM and SSH access to my ASA after I installed version 9.2(2)4 and they both went in-op.
this solution didn't worked for me either. I had JRE 18.104.22.168, I think it was latest version for that moment.
then I installed 22.214.171.124 and what I did next:
1. added my host URL to exceptions list
2. unchecked "use TLS1.2"
3. checked "Use SSL2.0 compatible ClientHello Format"
you can find in the attachment screenshots of my settings (sorry for ugly lines)
p.s. it wasn't ASA ASDM, it was UCS CIMC, but I think all the same Java
I'm sorry for misleading I meant that with Java 126.96.36.199 it didn't works.
But it indeed did worked when I did what I said (and what showed at the screenshot) despite "TLS1.1" option was checked.
The only way I was able to get a CIMC to work just recently was to explicitly launch it using Java 1.7. some command line trickery sufficed for that as follows (all one line at the command prompt):
C:\Users\marvin.rhoads>C:\"Program Files (x86)"\Java\jre1.7.0_21\bin\javaws C:\Users\marvin.rhoads\Downloads\viewer.jnlp(10.197.122.87@0@1416414750320)
ASDM on the other hand works fine with my latest patches Java 1.8. I do use the latest ASDM launcher (1.5(78), used to launch various ASDM versions on multiple ASAs).