Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASDM not able to login.

I am able to login through cli but with the same credentials if i access ASDM its saying "Login failed".

 


 

Cisco Adaptive Security Appliance Software Version 9.1(5)10
Device Manager Version 7.3(1)

Compiled on Thu 03-Jul-14 09:45 PDT by builders
System image file is "disk0:/asa915-10-smp-k8.bin"
Config file at boot was "startup-config"

ASA up 24 days 2 hours
failover cluster up 36 days 16 hours

Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2393 MHz, 1 CPU (4 cores)
            ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-PLUS-T020
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
                             Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4


 0: Int: Internal-Data0/0    : address is 18e7.282e.8a5d, irq 11

              
 1: Ext: GigabitEthernet0/0  : address is 18e7.282e.8a62, irq 5
 2: Ext: GigabitEthernet0/1  : address is 18e7.282e.8a5e, irq 5
 3: Ext: GigabitEthernet0/2  : address is 18e7.282e.8a63, irq 10
 4: Ext: GigabitEthernet0/3  : address is 18e7.282e.8a5f, irq 10
 5: Ext: GigabitEthernet0/4  : address is 18e7.282e.8a64, irq 5
 6: Ext: GigabitEthernet0/5  : address is 18e7.282e.8a60, irq 5
 7: Ext: GigabitEthernet0/6  : address is 18e7.282e.8a65, irq 10
 8: Ext: GigabitEthernet0/7  : address is 18e7.282e.8a61, irq 10
 9: Ext: GigabitEthernet1/0  : address is 00e0.ed24.35d0, irq 11
10: Ext: GigabitEthernet1/1  : address is 00e0.ed24.35d1, irq 5
11: Ext: GigabitEthernet1/2  : address is 00e0.ed24.35d2, irq 5
12: Ext: GigabitEthernet1/3  : address is 00e0.ed24.35d3, irq 11
13: Ext: GigabitEthernet1/4  : address is 00e0.ed24.35d4, irq 11
14: Ext: GigabitEthernet1/5  : address is 00e0.ed24.35d5, irq 5
15: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
16: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
17: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
18: Ext: Management0/0       : address is 18e7.282e.8a5d, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual

              
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 5              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 10             perpetual
AnyConnect Essentials             : 750            perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 100            perpetual
Total UC Proxy Sessions           : 100            perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Enabled        perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual

This platform has an ASA5525 VPN Premium license.


Failover cluster licensed features for this platform:

              
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 10             perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 20             perpetual
AnyConnect Essentials             : 750            perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 200            perpetual
Total UC Proxy Sessions           : 200            perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Enabled        perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual

 


ASA# dir disk0:

Directory of disk0:/

10     drwx  4096         14:56:22 Feb 21 2014  log
21     drwx  4096         09:04:42 Sep 14 2014  crypto_archive
22     drwx  4096         14:56:56 Feb 21 2014  coredumpinfo
103    -rwx  369920       02:58:02 Sep 17 2014  crash.txt
104    -rwx  17851400     15:00:26 Feb 21 2014  asdm-66114.bin
105    -rwx  38191104     03:55:16 Aug 31 2014  asa912-smp-k8.bin
106    -rwx  25088760     06:17:18 Sep 02 2014  asdm-731.bin
107    -rwx  38025216     06:16:26 Sep 02 2014  asa915-10-smp-k8.bin
108    -rwx  35468146     02:14:58 Sep 03 2014  anyconnect-win-3.1.05182-k9.pkg
109    -rwx  11612177     01:50:50 Sep 04 2014  anyconnect-macosx-i386-3.1.05182-k9.pkg


ASA# sh run http
http server enable
http 10.10.10.0 255.255.255.0 management


ASA# sh run ssl
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1


ASA# sh run asdm
asdm image disk0:/asdm-731.bin

ASA# sh run aaa
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

My java version is

 

version 8 update 20

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

You may need to register your

You may need to register your ASA certificate with Java. Reference this document.

You can export the certificate without using ASDM - use your browser's toolbar after having browsed to the ASA.

7 REPLIES
Hall of Fame Super Silver

You may need to register your

You may need to register your ASA certificate with Java. Reference this document.

You can export the certificate without using ASDM - use your browser's toolbar after having browsed to the ASA.

New Member

Thanks for the input Marvin

Thanks for the input Marvin,Few interesting observations i did try the above method using ASDM like few of the steps below.

 

  • Export the SSL certificate of your ASA
    • Use a web browser to access the ASA https://YourAsaDevice
    • Export the SSL certificate and save to the file system
      • For example, on Firefox right click on page, View Page Info -> Security -> View Certificate -> Details tab -> Export (will be prompted to save to file system)
  • Import it into the Java Control Panel as a "Secure Site" certificate
    • Run the Java control panel
    • Security tab -> Manage Certificates -> Certificate type: Secure Site -> User tab -> Import
    • Select the saved certificate file from above

 

But it didnt work initially then later i had to create a new username then it started working.

 

Hall of Fame Super Silver

You're welcome - glad it's

You're welcome - glad it's now working for you.

Please rate your question as answered if it helped.

New Member

Sure Marv,What do you think

Sure Marv,What do you think it worked with new username...

Hall of Fame Super Silver

Hard to say but one plausible

Hard to say but one plausible explanation is that someone changed the password associated with the old username by mistake.

You'd have to compare a working and non-working copy of the config (if you have them) to see if the hashed value for the password was different.

New Member

ohh i tried that....iam the

ohh i tried that....iam the only one with access..is something related to max usn/pwd limitations...cos the one which worked was simple cisco usn..

Hall of Fame Super Silver

Hmm.Well as of ASA 8.4(2)

Hmm.

Well as of ASA 8.4(2) they eliminated the ability to use the old "asa" default username. That shouldn't be an issue with your 9.1 though.

Local password policy restrictions became available as of 9.1(2) (and 8.4(4.1)) but that too shouldn't affect you. Beside, the default is not to have such a policy until it's been configured.

51
Views
0
Helpful
7
Replies
CreatePlease to create content