Cisco Support Community

failed ASDM and ssh access to FWSM

I have a FWSM with a basic configuration installed on a simple inside/outside interface configuration. A similar configuration on a PIX525 and ASA5110 allows initial management access via ASDM. However, for the FWSM I can ping to/from the FWSM but all inbound management connections are ignored. A show conn command gives the correct connection details but with FLAGS - BA, which is awaiting ACK to outside SYN. Any ideas?

6509 with supervisor 2 running 12.2(18) SXF2, FWSM 3.1(3). In the previous config, which I cleared to start from scratch, telnet also failed with the same connection flag details, so I don't think it's a certificate issue but rather all inbound TCP connections.


Re: failed ASDM and ssh access to FWSM


The BA flags mean the FWSM is waiting for a response from the PC/machine you used to access the ASDM.

Anyway, quick check: is the ASDM image present in your FWSM flash? Use "sh ver" to verify.

If present, just in case you have not enabled the HTTPS service:

hostname(config)# http server enable

To identify the IP addresses (either from inside, outside or any segment) that are allowed to access ASDM, enter the following command:

hostname(config)# http


hostname(config)# http inside

hostname(config)# http xx.xx.xx.50 outside

The same goes for telnet or SSH**

hostname(config)# telnet

*Enter 0 for the ip_address and mask to allow all IP addresses.

**Telnet is only allowed from a higher security level interface, not from the outside interface. Only SSH & HTTPS can be used to access ASDM/FWSM from outside (lowest sec).

**SSH needs a hostname, domain-name and cert to be generated (use: ca generate rsa key)

**Save the generated key using "ca save all"

Save your configuration (write mem).

If it still doesn't work, can you share the admin access config portion of your FWSM + sh ver?
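
Added example, not part of the original thread: a small Python audit that runs the checks listed in the reply above against a saved running-config. The sample config, its addresses and the function name are constructed for illustration, and the "service ip mask interface" rule form and the nameif/security-level lines are assumed from standard FWSM/ASA syntax.

```python
import re

# Constructed sample running-config; addresses and names are illustrative.
SAMPLE_CONFIG = """\
hostname fwsm1
interface Vlan10
 nameif inside
 security-level 100
interface Vlan20
 nameif outside
 security-level 0
http 192.0.2.50 255.255.255.255 outside
telnet 0 0 outside
ssh 10.1.1.0 255.255.255.0 inside
"""

# Assumed rule form: <service> <ip_address> <mask> <interface>
RULE = re.compile(r"^(http|telnet|ssh)\s+(\S+)\s+(\S+)\s+(\S+)$")

def audit_mgmt_access(config):
    """Return findings for the management-access checks in the reply."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    levels, name = {}, None
    for l in lines:                      # map nameif -> security-level
        if l.startswith("nameif "):
            name = l.split()[1]
        elif l.startswith("security-level ") and name:
            levels[name] = int(l.split()[1])
            name = None
    lowest = min(levels, key=levels.get) if levels else None
    rules = [m.groups() for m in map(RULE.match, lines) if m]
    findings = []
    if "http server enable" not in lines:
        findings.append("http server enable is missing")
    if not any(r[0] == "http" for r in rules):
        findings.append("no http <ip> <mask> <interface> rule")
    for svc, ip, mask, ifc in rules:
        if svc == "telnet" and ifc == lowest:
            findings.append(f"telnet rule on lowest-security interface {ifc}")
        if ifc == lowest and ip in ("0", "0.0.0.0") and mask in ("0", "0.0.0.0"):
            findings.append(f"{svc} open to all addresses on {ifc}")
    if any(r[0] == "ssh" for r in rules):  # RSA key is not visible in the config
        for needed in ("hostname", "domain-name"):
            if not any(l.startswith(needed + " ") for l in lines):
                findings.append(f"ssh configured but {needed} is not set")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE_CONFIG):
        print("-", finding)
```

The RSA key itself does not appear in the running-config, so its presence still has to be confirmed on the device.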


