garyrafferty asked:

Cisco Pix 515e ASDM stopped working

I can't access the ASDM GUI on my Cisco 515e PIX. The PIX partly loads the ASDM but stops at 52% while validating the running configuration.
Can anyone please help?

Thanks in advance

Les Moore

Did anything change from the last time you used it?
Have you rebooted the PIX?
Have you updated your Java RE?
garyrafferty (ASKER)

I have rebooted the PIX several times with no luck. The PIX configuration has been changed using the CLI by another person and I don't know what he changed.

Can you console in and get a copy of the existing config?

Here is the current running configuration, thanks

PIX Version 7.0(1)
names
name 192.168.100.14 EQ-DC1
name 194.168.4.100 NTL_DNS_1
name 194.168.8.100 NTL_DNS_2
name 192.168.101.0 NIHRC_Inside
name 192.168.100.40 PDM_Mgnt
name 192.168.100.23 EQ-IMSS
name 192.168.100.16 EQ-EXCH
name 192.168.100.28 Gary
name 192.168.100.26 Darren
name 192.168.100.35 Damien
name 192.168.100.25 EQ-IWSS
name 192.168.100.11 EQ-SQL
name 192.168.100.34 Bob
name 192.168.100.107 Martin
name 192.168.100.108 DVance
name 192.168.100.199 Bob_Laptop
name 81.144.250.195 NICCY_PIX
name 192.168.100.27 EQ-TS
name 192.168.100.93 Intranet
name 192.168.100.128 Una
name 192.168.100.214 Una_Out
name 10.10.10.3 EQ-IMSS1
name 192.168.100.213 Ciaran
name 192.168.100.188 Terry
name 192.168.100.253 Intranet_FailOver
name 192.168.100.158 Test
name 192.168.100.191 MOConnor
name 192.168.100.97 LKinney
!
interface Ethernet0
 nameif Outside
 security-level 0
 ip address x.x.x.109 255.255.255.x
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.206 255.255.255.0
!
interface Ethernet2
 nameif DMZ
 security-level 4
 ip address 10.10.10.1 255.255.255.0
!
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Firewall
domain-name e.org
ftp mode passive
object-group service Inside_Group tcp
 description Allow multiple services from Inside to Internet
 port-object eq www
 port-object eq ftp-data
 port-object eq https
 port-object eq ftp
object-group network NoProxy
 network-object EQ-EXCH 255.255.255.255
 network-object EQ-IMSS 255.255.255.255
 network-object EQ-DC1 255.255.255.255
 network-object EQ-IWSS 255.255.255.255
 network-object EQ-SQL 255.255.255.255
 network-object Bob 255.255.255.255
 network-object Damien 255.255.255.255
 network-object Martin 255.255.255.255
 network-object DVance 255.255.255.255
 network-object Bob_Laptop 255.255.255.255
 network-object Gary 255.255.255.255
 network-object EQ-TS 255.255.255.255
 network-object Darren 255.255.255.255
 network-object Intranet 255.255.255.255
 network-object Una_Out 255.255.255.255
 network-object Terry 255.255.255.255
 network-object Intranet_FailOver 255.255.255.255
 network-object MOConnor 255.255.255.255
 network-object LKinney 255.255.255.255
object-group network NICCY
 network-object Gary 255.255.255.255
 network-object Darren 255.255.255.255
 network-object Damien 255.255.255.255
 network-object PDM_Mgnt 255.255.255.255
 network-object Test 255.255.255.255
object-group network DMZ_ACCESS
 network-object Darren 255.255.255.255
 network-object Gary 255.255.255.255
 network-object Damien 255.255.255.255
 network-object Martin 255.255.255.255
 network-object PDM_Mgnt 255.255.255.255
 network-object Ciaran 255.255.255.255
access-list outside_access_in extended permit tcp any host x.x.x.98 eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.99 eq https
access-list outside_access_in remark Allow SMTP Access
access-list outside_access_in remark Outside Access to HTTPS for OWA
access-list inside_access_in remark Allow DNS to NTL1
access-list inside_access_in extended permit udp any host NTL_DNS_1 eq domain
access-list inside_access_in remark Allow DNS to NTL2
access-list inside_access_in extended permit udp any host NTL_DNS_2 eq domain
access-list inside_access_in extended permit tcp host EQ-IMSS any eq smtp
access-list inside_access_in extended permit tcp object-group NoProxy any
access-list inside_access_in extended permit ip object-group NICCY any
access-list inside_access_in extended permit tcp host EQ-IWSS any object-group Inside_Group
access-list inside_access_in extended permit ip host EQ-TS NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host Gary any
access-list inside_access_in remark Allow DNS to NTL1
access-list inside_access_in remark Allow DNS to NTL2
access-list inside_access_in extended permit ip host Darren NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host Damien NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host EQ-DC1 any
access-list inside_access_in extended permit ip host 192.168.100.39 any
access-list inside_nat0_outbound extended permit ip any 172.30.1.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 172.30.1.0 255.255.255.128
access-list Outside_cryptomap_dyn_20 extended permit ip any 172.30.1.0 255.255.255.128
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list to_506 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu inside 1500
mtu DMZ 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface inside
ip audit name Outside_Info info action alarm
ip audit name Outside_Attack attack action alarm drop
ip audit interface Outside Outside_Info
ip audit interface Outside Outside_Attack
ip local pool VPN_Pool 172.30.1.1-172.30.1.100 mask 255.255.255.128
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
monitor-interface Outside
monitor-interface inside
monitor-interface DMZ
asdm image flash:/asdm-501.bin
asdm location NIHRC_Inside 255.255.255.0 inside
asdm location NTL_DNS_1 255.255.255.255 inside
asdm location NTL_DNS_2 255.255.255.255 inside
asdm location NIHRC_Inside 255.255.255.0 Outside
asdm location 172.30.1.0 255.255.255.128 Outside
asdm location MOConnor 255.255.255.255 inside
asdm location x.x.x.154 255.255.255.255 Outside
asdm location x.x.x.153 255.255.255.255 Outside
asdm group NoProxy inside
asdm group NICCY inside
asdm group DMZ_ACCESS inside
no asdm history enable
arp timeout 14400
global (Outside) 1 x.x.x.101-x.x.x.107
global (Outside) 1 x.x.x.100
global (DMZ) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 dns tcp 5000 2500
nat (DMZ) 1 10.10.10.0 255.255.255.0
static (inside,Outside) x.x.x.98 EQ-IMSS netmask 255.255.255.255 dns tcp 5000 2500
static (inside,Outside) x.x.x.99 192.168.100.252 netmask 255.255.255.255
access-group outside_access_in in interface Outside
access-group inside_access_in in interface inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.110 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.100.39
 timeout 15
 key Pix$h@R3dAuTH
group-policy EqualVpN01 internal
group-policy EqualVpN01 attributes
 default-domain value equality.local
username Admin password HAJQkhw6aYskAzQl encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http EQ-TS 255.255.255.255 inside
http EQ-IWSS 255.255.255.255 inside
http Gary 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-none
crypto ipsec transform-set ESP-DES-MD5 esp-3des esp-none
crypto ipsec transform-set TUNNEL_ESP_3DES_MD5 esp-3des esp-none
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TUNNEL_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set TUNNEL_ESP_3DES_SHA
crypto map outside_map 20 match address to_506
crypto map outside_map 20 set peer x.x.x.153
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet Gary 255.255.255.255 inside
telnet PDM_Mgnt 255.255.255.255 inside
telnet EQ-DC1 255.255.255.255 inside
telnet Darren 255.255.255.255 inside
telnet EQ-TS 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 30
dhcpd lease 3600
dhcpd ping_timeout 50
tunnel-group EqualVpN01 type ipsec-ra
tunnel-group EqualVpN01 general-attributes
 address-pool VPN_Pool
 authentication-server-group RADIUS
 default-group-policy EqualVpN01
tunnel-group EqualVpN01 ipsec-attributes
 pre-shared-key *
tunnel-group x.x.x.153 type ipsec-l2l
tunnel-group x.x.x.153 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!

http EQ-TS 255.255.255.255 inside
http EQ-IWSS 255.255.255.255 inside
http Gary 255.255.255.255 inside
name 192.168.100.28 Gary
name 192.168.100.27 EQ-TS
name 192.168.100.23 EQ-IMSS

Only these three IP addresses can access the ASDM. Is one of them yours?

Yes, 192.168.100.28 is my IP address. I have been able to access ASDM from this IP address before the changes were made from the CLI.

>asdm image flash:/asdm-501.bin
Use PIX#dir flash:
and make sure that file is still there..

Yes, the image is still there; see results below

Directory of flash:/

4      -rw-  9916        13:45:35 Apr 08 2006  downgrade.cfg
7      -rw-  5103672     13:46:22 Apr 08 2006  image.bin
11     -rw-  5919340     14:17:05 Apr 08 2006  asdm-501.bin
12     -rw-  9916        09:24:38 Apr 10 2006  080406

When I access the ASDM it loads and then says "Please wait while ASDM is loading the current configuration from device." It then shows a status bar which stops at 52%.

The current action is Validating running configuration.



ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.

Lol, thanks for all your help.

Pentrix2

I was wondering what was the fix? Cause I'm having the same problem as you are, garyrafferty.

Corrupt copy of the ASDM file on PIX