Solved

Cisco Pix 515e ASDM stopped working

Posted on 2006-06-16
Last Modified: 2013-11-16
I can't access the ASDM GUI on my Cisco 515e PIX. The PIX partly loads the ASDM but stops at 52% while validating the running configuration.
Can anyone please help?

Thanks in advance

Question by:garyrafferty
13 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16924473
Did anything change from the last time you used it?
Have you rebooted the PIX?
Have you updated your Java RE?
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 16927499
I have rebooted the PIX several times with no luck. The PIX configuration has been changed using the CLI by another person and I don't know what he changed.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16927692
Can you console in and get a copy of the existing config?
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 16930120
Here is the current running configuration thanks

PIX Version 7.0(1)
names
name 192.168.100.14 EQ-DC1
name 194.168.4.100 NTL_DNS_1
name 194.168.8.100 NTL_DNS_2
name 192.168.101.0 NIHRC_Inside
name 192.168.100.40 PDM_Mgnt
name 192.168.100.23 EQ-IMSS
name 192.168.100.16 EQ-EXCH
name 192.168.100.28 Gary
name 192.168.100.26 Darren
name 192.168.100.35 Damien
name 192.168.100.25 EQ-IWSS
name 192.168.100.11 EQ-SQL
name 192.168.100.34 Bob
name 192.168.100.107 Martin
name 192.168.100.108 DVance
name 192.168.100.199 Bob_Laptop
name 81.144.250.195 NICCY_PIX
name 192.168.100.27 EQ-TS
name 192.168.100.93 Intranet
name 192.168.100.128 Una
name 192.168.100.214 Una_Out
name 10.10.10.3 EQ-IMSS1
name 192.168.100.213 Ciaran
name 192.168.100.188 Terry
name 192.168.100.253 Intranet_FailOver
name 192.168.100.158 Test
name 192.168.100.191 MOConnor
name 192.168.100.97 LKinney
!
interface Ethernet0
 nameif Outside
 security-level 0
 ip address x.x.x.109 255.255.255.x
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.100.206 255.255.255.0
!
interface Ethernet2
 nameif DMZ
 security-level 4
 ip address 10.10.10.1 255.255.255.0
!
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Firewall
domain-name e.org
ftp mode passive
object-group service Inside_Group tcp
 description Allow multiple services from Inside to Internet
 port-object eq www
 port-object eq ftp-data
 port-object eq https
 port-object eq ftp
object-group network NoProxy
 network-object EQ-EXCH 255.255.255.255
 network-object EQ-IMSS 255.255.255.255
 network-object EQ-DC1 255.255.255.255
 network-object EQ-IWSS 255.255.255.255
 network-object EQ-SQL 255.255.255.255
 network-object Bob 255.255.255.255
 network-object Damien 255.255.255.255
 network-object Martin 255.255.255.255
 network-object DVance 255.255.255.255
 network-object Bob_Laptop 255.255.255.255
 network-object Gary 255.255.255.255
 network-object EQ-TS 255.255.255.255
 network-object Darren 255.255.255.255
 network-object Intranet 255.255.255.255
 network-object Una_Out 255.255.255.255
 network-object Terry 255.255.255.255
 network-object Intranet_FailOver 255.255.255.255
 network-object MOConnor 255.255.255.255
 network-object LKinney 255.255.255.255
object-group network NICCY
 network-object Gary 255.255.255.255
 network-object Darren 255.255.255.255
 network-object Damien 255.255.255.255
 network-object PDM_Mgnt 255.255.255.255
 network-object Test 255.255.255.255
object-group network DMZ_ACCESS
 network-object Darren 255.255.255.255
 network-object Gary 255.255.255.255
 network-object Damien 255.255.255.255
 network-object Martin 255.255.255.255
 network-object PDM_Mgnt 255.255.255.255
 network-object Ciaran 255.255.255.255
access-list outside_access_in extended permit tcp any host x.x.x.98 eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.99 eq https
access-list outside_access_in remark Allow SMTP Access
access-list outside_access_in remark Outside Access to HTTPS for OWA
access-list inside_access_in remark Allow DNS to NTL1
access-list inside_access_in extended permit udp any host NTL_DNS_1 eq domain
access-list inside_access_in remark Allow DNS to NTL2
access-list inside_access_in extended permit udp any host NTL_DNS_2 eq domain
access-list inside_access_in extended permit tcp host EQ-IMSS any eq smtp
access-list inside_access_in extended permit tcp object-group NoProxy any
access-list inside_access_in extended permit ip object-group NICCY any
access-list inside_access_in extended permit tcp host EQ-IWSS any object-group Inside_Group
access-list inside_access_in extended permit ip host EQ-TS NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host Gary any
access-list inside_access_in remark Allow DNS to NTL1
access-list inside_access_in remark Allow DNS to NTL2
access-list inside_access_in extended permit ip host Darren NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host Damien NIHRC_Inside 255.255.255.0
access-list inside_access_in extended permit ip host EQ-DC1 any
access-list inside_access_in extended permit ip host 192.168.100.39 any
access-list inside_nat0_outbound extended permit ip any 172.30.1.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 172.30.1.0 255.255.255.128
access-list Outside_cryptomap_dyn_20 extended permit ip any 172.30.1.0 255.255.255.128
access-list Outside_cryptomap_dyn_20 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
access-list to_506 extended permit ip 192.168.100.0 255.255.255.0 NIHRC_Inside 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu inside 1500
mtu DMZ 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface inside
ip audit name Outside_Info info action alarm
ip audit name Outside_Attack attack action alarm drop
ip audit interface Outside Outside_Info
ip audit interface Outside Outside_Attack
ip local pool VPN_Pool 172.30.1.1-172.30.1.100 mask 255.255.255.128
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
monitor-interface Outside
monitor-interface inside
monitor-interface DMZ
asdm image flash:/asdm-501.bin
asdm location NIHRC_Inside 255.255.255.0 inside
asdm location NTL_DNS_1 255.255.255.255 inside
asdm location NTL_DNS_2 255.255.255.255 inside
asdm location NIHRC_Inside 255.255.255.0 Outside
asdm location 172.30.1.0 255.255.255.128 Outside
asdm location MOConnor 255.255.255.255 inside
asdm location x.x.x.154 255.255.255.255 Outside
asdm location x.x.x.153 255.255.255.255 Outside
asdm group NoProxy inside
asdm group NICCY inside
asdm group DMZ_ACCESS inside
no asdm history enable
arp timeout 14400
global (Outside) 1 x.x.x.101-x.x.x.107
global (Outside) 1 x.x.x.100
global (DMZ) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 dns tcp 5000 2500
nat (DMZ) 1 10.10.10.0 255.255.255.0
static (inside,Outside) x.x.x.98 EQ-IMSS netmask 255.255.255.255 dns tcp 5000 2500
static (inside,Outside) x.x.x.99 192.168.100.252 netmask 255.255.255.255
access-group outside_access_in in interface Outside
access-group inside_access_in in interface inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.110 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.100.39
 timeout 15
 key Pix$h@R3dAuTH
group-policy EqualVpN01 internal
group-policy EqualVpN01 attributes
 default-domain value equality.local
username Admin password HAJQkhw6aYskAzQl encrypted privilege 15
aaa authentication http console LOCAL
http server enable
http EQ-TS 255.255.255.255 inside
http EQ-IWSS 255.255.255.255 inside
http Gary 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-none
crypto ipsec transform-set ESP-DES-MD5 esp-3des esp-none
crypto ipsec transform-set TUNNEL_ESP_3DES_MD5 esp-3des esp-none
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TUNNEL_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set TUNNEL_ESP_3DES_SHA
crypto map outside_map 20 match address to_506
crypto map outside_map 20 set peer x.x.x.153
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet Gary 255.255.255.255 inside
telnet PDM_Mgnt 255.255.255.255 inside
telnet EQ-DC1 255.255.255.255 inside
telnet Darren 255.255.255.255 inside
telnet EQ-TS 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 30
dhcpd lease 3600
dhcpd ping_timeout 50
tunnel-group EqualVpN01 type ipsec-ra
tunnel-group EqualVpN01 general-attributes
 address-pool VPN_Pool
 authentication-server-group RADIUS
 default-group-policy EqualVpN01
tunnel-group EqualVpN01 ipsec-attributes
 pre-shared-key *
tunnel-group x.x.x.153 type ipsec-l2l
tunnel-group x.x.x.153 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16930263
http EQ-TS 255.255.255.255 inside
http EQ-IWSS 255.255.255.255 inside
http Gary 255.255.255.255 inside
name 192.168.100.28 Gary
name 192.168.100.27 EQ-TS
name 192.168.100.23 EQ-IMSS

Only these three IP addresses can access the ASDM. Is one of them yours?
0
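The name-to-address lookup done by hand in the comment above can be scripted. This added example (not part of the original thread) parses the `name` aliases and the `http`/`telnet`/`ssh` management entries of a PIX 7.x configuration and reports which source addresses may reach each service; the sample is constructed from lines in the posted configuration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: management-plane lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
name 192.168.100.23 EQ-IMSS
name 192.168.100.28 Gary
name 192.168.100.25 EQ-IWSS
name 192.168.100.27 EQ-TS
name 192.168.100.40 PDM_Mgnt
http server enable
http EQ-TS 255.255.255.255 inside
http EQ-IWSS 255.255.255.255 inside
http Gary 255.255.255.255 inside
telnet Gary 255.255.255.255 inside
telnet PDM_Mgnt 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
"""

NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)\s*$")
# <service> <host-or-alias> <dotted netmask> <interface>
MGMT_RE = re.compile(r"^(http|telnet|ssh)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")


def management_sources(config):
    """Return {service: [(network, interface), ...]} with name aliases resolved."""
    lines = [ln.strip() for ln in config.splitlines()]
    names = {}
    for ln in lines:
        m = NAME_RE.match(ln)
        if m:
            names[m.group(2)] = m.group(1)  # alias -> IP address
    result = {}
    for ln in lines:
        m = MGMT_RE.match(ln)
        if not m:
            continue  # skips e.g. "http server enable" and "telnet timeout 5"
        service, host, mask, iface = m.groups()
        addr = names.get(host, host)  # resolve alias, or keep a literal IP
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        result.setdefault(service, []).append((str(net), iface))
    return result


def can_manage(config, service, client_ip):
    """True if client_ip falls inside any source network allowed for the service."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net)
               for net, _ in management_sources(config).get(service, []))
```

An alias with no matching `name` line raises `ValueError`, which is itself worth investigating in a configuration that was edited by hand.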
 
LVL 8

Author Comment

by:garyrafferty
ID: 16930349
Yes, the 192.168.100.28 is my IP address. I have been able to access ASDM from this IP address before the changes were made from the CLI.
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 16930359
>asdm image flash:/asdm-501.bin
Use PIX#dir flash:
and make sure that file is still there..
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 16930376
Yes, the image is still there; see results below.

Directory of flash:/

4      -rw-  9916        13:45:35 Apr 08 2006  downgrade.cfg
7      -rw-  5103672     13:46:22 Apr 08 2006  image.bin
11     -rw-  5919340     14:17:05 Apr 08 2006  asdm-501.bin
12     -rw-  9916        09:24:38 Apr 10 2006  080406
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 16930403
When I access the ASDM it loads and then says "Please wait while ASDM is loading the current configuration from device." It then shows a status bar which stops at 52%.

The current action is Validating running configuration.



0
 
LVL 79

Accepted Solution

by:
lrmoore earned 350 total points
ID: 16930485
If it's hanging on validating running config there must be something that was added via CLI that it does not like. I can't see anything strange. Find the guy that made the changes and don't let go of his nards until he tells you what he changed and promises never to touch it again...
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 16930505
Lol thanks for all your help.
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 22815405
I was wondering what the fix was? 'Cause I'm having the same problem as you are, garyrafferty.
0
 
LVL 8

Author Comment

by:garyrafferty
ID: 22826769
Corrupt copy of the asdm file on pix
0
