Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can't access IPS on ASA for the first time via ASDM?

Hi, I have a new 5520 ASA (ASA 8.0(3) ASDM 6.0(3)), when I go to the IPS option it simply has a URL in the ASDM to https://10.1.9.201/ however this fails to open saying it can't find the web page, what do I need to do?

Here is the "sh version"

Cisco Intrusion Prevention System, Version 5.1(6)E1

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S291.0 2007-06-18

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: ASA-SSM-10

Serial Number: **********

No license present

Sensor up-time is 10 days.

Using 620122112 out of 1054670848 bytes of available memory (58% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 45.9M out of 166.8M bytes of available disk space (29% usage)

boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)

MainApp Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500 Running

AnalysisEngine Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500 Running

CLI Z-2007_JUN_19_12_49 (Release) 2007-06-19T13:04:08-0500

Upgrade History:

IPS-K9-5.1-6-E1 09:07:15 UTC Wed Feb 27 2008

Recovery Partition Version 1.1 - 5.1(6)E1

8 REPLIES
New Member

Re: Can't access IPS on ASA for the first time via ASDM?

You ever find a solution to this?

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

Have you configured the access-list on the IPS sensor to allow your host to communicate with it's management interface?

To check, login to the sensor, and then issue the 'show config' command, and scroll down paying attention to the access-list section of the config.

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

In case you haven't fixed this yet, try the steps outlined here -

http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clilogin.html#wpxref57405

We had to do the same to one of our new IPS. You run a "session 1" from the cli of the ASA, log into the IPS, and the run setup. Reccomend changing the IP address of the IPS & updating the code from ver5. Find version 6 much nicer.

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

I was looking for this solution, I didn't know where to go.

I logged in as cisco and it asked me to change my password but it won't accept it. I get an error stating the following:

Authentication token manipulation error

Remote card closed command session

Any ideas anyone?

Cisco Employee

Re: Can't access IPS on ASA for the first time via ASDM?

This error is very common when trying to change the password for the first time you login to the sensor.

On first login you use the default username "cisco" and default password "cisco".

It then tells you you have to create a new password and then puts up a password prompt.

The confusing thing is that this next password prompt is NOT asking for the NEW password. Instead it is asking for you to type the OLD password and in this case it is once again the default "cisco".

If you tried to enter your NEW password, then you get the token manipulation error.

After you entered that default "cisco" password again, then it will ask you to enter your NEW password 2 times.

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

haha wow, that was simple. Thanks.

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

I love this issue. It happens every time we get new people, and even some old, trying to re image a sensor. It isn't very apparent initially, but inputing your current password is all that is required.

New Member

Re: Can't access IPS on ASA for the first time via ASDM?

Yep that response regarding a token manipulation error is a common linux message that is generally misleading and only indicates a change in the hash of the original "cisco" password.

1392
Views
0
Helpful
8
Replies