Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

asdm via vpn keeps on hanging/freezing???

I've set up my ASA 5510 FW so that after I VPN in, I can access the ASA by ASDMing into the inside interface (

For some reason this is what happens:

1. I open up my VPN client on my workstation and connect to the outside interface of the ASA.

1. After connected, for ping testing purposes, I open up command prompt and did a "ping -t", which is the inside interface of asa.

3. I launch ASDM client.

4. ASDM loads up until it hit which point I get an Error window "ASDM is temporarily unable to contact the firewall". At this point, my ping test is now giving me Request Time Out. I click OK on the Error window.

5. The ping test changes from RTO back to successful ping. ASDM continues loading up until the device dashboard tab with the asdm syslog messages show up.

6. ASDM then hangs, and the ping test goes to RTO again.

7. ASDM hangs (can't click on it, can't close it down, etc) for about 2 min before it comes back alive. The ping test goes back to ping successful.

Anyone have an idea why it does that?

If I load up SSH to by itself, it's fine.

If ASDM is hanging and I load up SSH, SSH obviously cannot connect.

New Member

Re: asdm via vpn keeps on hanging/freezing???

ciscoasa# sh run

: Saved


ASA Version 8.0(2)


hostname ciscoasa

enable password xxx



interface Ethernet0/0

nameif outside

security-level 0

ip address outside_ip


interface Ethernet0/1

nameif inside

security-level 100

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

ip address



passwd xxx

ftp mode passive

clock timezone MST -7

clock summer-time MDT recurring

access-list split_tunnel_list standard permit

access-list inside_nat0_outbound extended permit ip

access-list admin_access_thru_vpn extended permit ip host

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool vpnuserspool mask

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1

access-group admin_access_thru_vpn in interface outside

route outside gw_ip 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http inside

http management

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 10

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

no crypto isakmp nat-traversal

telnet timeout 5

ssh scopy enable

ssh inside

ssh inside

ssh timeout 60

console timeout 0

management-access inside

New Member

Re: asdm via vpn keeps on hanging/freezing???

dhcpd address 172.x.x.101- inside

dhcpd dns dns1_ip dns2_ip interface inside

dhcpd enable inside


dhcpd address management

dhcpd enable management


threat-detection basic-threat

threat-detection statistics access-list


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

ntp server 67.x.x.78 source outside


enable outside

svc image disk0:/anyconnect-win-2.2.0133-k9.pkg 1

svc enable

group-policy DfltGrpPolicy attributes

group-policy vpnuserspolicy internal

group-policy vpnuserspolicy attributes

vpn-tunnel-protocol svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel_list

address-pools value vpnuserspool

username admin password xxxx encrypted privilege 15

username admin attributes

vpn-group-policy vpnuserspolicy

username vpnuser1 password xxx encrypted

username vpnuser1 attributes

vpn-group-policy vpnuserspolicy

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

prompt hostname context


: end


CreatePlease to create content