07-27-2013 02:49 PM
Hi,
I am new to ASA. I have got an ASA 5510 and was trying to enable ASDM access through the outside interface, but it's not working for me. I have configured a public IP on the outside interface and enabled SSH and ASDM. SSH is working but ASDM is not working. It is a test environment so I haven't configured any ACL yet.
VPN-TEST# show version
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"
VPN-TEST up 4 hours 33 mins
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: Ethernet0/0 : address is d0d0.fd1d.8758, irq 9
1: Ext: Ethernet0/1 : address is d0d0.fd1d.8759, irq 9
2: Ext: Ethernet0/2 : address is d0d0.fd1d.875a, irq 9
3: Ext: Ethernet0/3 : address is d0d0.fd1d.875b, irq 9
4: Ext: Management0/0 : address is d0d0.fd1d.8757, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 50
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
This platform has a Base license.
VPN-TEST# show run http
http server enable
http 0.0.0.0 0.0.0.0 outside
VPN-TEST# show run asdm
asdm image disk0:/asdm-621.bin
asdm history enable
Could anyone please help me to find out what I am missing?
Kind Regards,
Praveen
07-27-2013 09:30 PM
Several things I would ask:
Is asdm-621.bin present on disk0?
Can you reach your test workstation from the outside interface? Is that where you successfully ssh from?
Is there any firewall or router ACL in the path between your workstation and the ASA?
Does the ASA log show anything when you try without success to launch ASDM?
What error specifically do you see?
07-28-2013 04:02 AM
Hi Marvin,
Thanks for your reply.
** Is asdm-621.bin present on disk0? **
VPN-TEST# show flash:
--#-- --length-- -----date/time------ path
92 16275456 Apr 25 2010 02:44:00 asa821-k8.bin
93 11348300 Apr 25 2010 04:56:04 asdm-621.bin
**Can you reach your test workstation from the outside interface? Is that where you successfully ssh from?**
I was trying to reach it from my home and I can ping my home station from the outside interface.
** Is there any firewall or router ACL in the path between your workstation and the ASA? **
There is no firewall configured.
**Does the ASA log show anything when you try without success to launch ASDM? **
I can't see any logs... Is there any special command to enable login?
** What error specifically do you see? **
It shows the webpage is not available.
07-28-2013 04:03 AM
Hi Marvin,
I was trying to get ASDM through my outside interface ip like https://outside_interface_ip
07-28-2013 05:19 AM
Hi,
There is no ACL configured in my ASA, and whenever I try to access the ASDM from any IP outside it shows the following error:
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50378 to outside:5.250.178.42/80
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50377 to outside:5.250.178.42/80
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50376 to outside:5.250.178.42/80
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50378 to outside:5.250.178.42/80
But I don't understand where this ACL came from.
07-28-2013 05:35 AM
Hi
Please share the below:
show run ssl
show asp table socket
And try to access it with https, not http, as the logs seen above showed that the connection blocked was on port 80.
Also, can you ping the outside interface from the machine you are trying ASDM access from (ping or ssh)?
Regards,
Mohammad Abu Arja
07-28-2013 06:02 AM
Hi Mohammad,
Thanks for your reply. Below shows the requested output
VPN-TEST# show run ssl
ssl encryption des-sha1
VPN-TEST# show asp table socket
Protocol Socket Local Address Foreign Address State
SSL 0000821f 5.250.178.42:443 0.0.0.0:* LISTEN
TCP 0001360f 5.250.178.42:22 0.0.0.0:* LISTEN
TCP 00233d68 5.250.178.42:22 5.250.176.254:43716 ESTAB
VPN-TEST#
Yes, I can ping and ssh to the box from the machine from which I am trying to access ASDM.
Kind Regards,
Praveen
07-28-2013 06:06 AM
That's it. Please add all cipher combinations using the command "ssl encryption"; add them on one line beside each other, and you can use "?" to check the available combinations.
Regards,
Mohammad
07-28-2013 06:15 AM
Hi Mohammad,
Excellent!!... that worked... Thank you very much for your help.
Kind Regards,
Praveen
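An added example, not part of the original thread: a small Python check that reads the `show run http` / `show run ssl` lines and the 710003 syslog lines quoted above and reports the two conditions the thread turned on (an HTTPS listener offering only `des-sha1`, and clients hitting port 80) plus the any-source `http` rule. The finding labels, the `WEAK` set and the function names are assumptions of this example.

```python
import re

# Constructed input: the config and syslog lines quoted in the thread above.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
ssl encryption des-sha1
"""
SAMPLE_LOG = """\
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50378 to outside:5.250.178.42/80
%ASA-3-710003: TCP access denied by ACL from 86.28.147.194/50377 to outside:5.250.178.42/80
"""

# Assumption of this example: suites considered too weak for management access.
WEAK = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}
DENY = re.compile(r"%ASA-3-710003: TCP access denied by ACL from "
                  r"([^/\s]+)/\d+ to [^:\s]+:[^/\s]+/(\d+)")


def audit_config(text):
    """Return finding strings for the http/ssl management-plane lines."""
    findings = []
    for line in text.splitlines():
        tok = line.split()
        # "http <network> <mask> <interface>": who may reach ASDM, and where.
        if len(tok) == 4 and tok[0] == "http" and tok[1:3] == ["0.0.0.0", "0.0.0.0"]:
            findings.append("MGMT_OPEN_TO_ANY:" + tok[3])
        # "ssl encryption <suite> ...": the only suites the ASA will negotiate.
        if tok[:2] == ["ssl", "encryption"]:
            weak = [c for c in tok[2:] if c in WEAK]
            if weak and len(weak) == len(tok) - 2:
                findings.append("WEAK_CIPHERS_ONLY:" + ",".join(weak))
            elif weak:
                findings.append("WEAK_CIPHER_OFFERED:" + ",".join(weak))
    return findings


def wrong_port_denies(log, https_port=443):
    """(source, port) pairs from 710003 denies aimed at a port other than the
    HTTPS listener, e.g. port 80 when the browser was pointed at http://."""
    hits = {(m.group(1), int(m.group(2))) for m in DENY.finditer(log)}
    return sorted(h for h in hits if h[1] != https_port)


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
    print(wrong_port_denies(SAMPLE_LOG))
```

On a device that is not a test box, the `MGMT_OPEN_TO_ANY` finding is cleared by replacing `http 0.0.0.0 0.0.0.0 outside` with the specific management network and mask.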