nasirsh
asked on
ASDM is unable to read the configuration from the ASA.
I am able to connect via the management interface via asdm but asdm doesnt read the configuration from ASA. PLease help
hostname ASA-Millat
domain-name millat.com.pk
enable password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
duplex full
nameif outside
security-level 0
ip address 192.168.13.1 255.255.255.0
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/2
speed 100
duplex full
nameif DMZ
security-level 50
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/3
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.16.1 255.255.255.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup inside
dns domain-lookup DMZ
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
access-list 101 extended permit tcp any any eq www
access-list 101 extended permit tcp any any eq https
access-list 101 extended permit tcp any any eq ftp
access-list 101 extended permit tcp any any eq pop3
access-list 101 extended permit tcp any any eq smtp
access-list 101 extended permit tcp any any
access-list 1110 extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any eq ftp
access-list inside_access_in extended permit tcp any any eq pop3
access-list inside_access_in extended permit tcp any any eq smtp
access-list DMZ_access_in extended permit tcp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit tcp any any eq www
access-list DMZ_access_in extended permit tcp any any eq https
access-list DMZ_access_in extended permit tcp any any eq ftp
access-list DMZ_access_in extended permit tcp any any eq pop3
access-list DMZ_access_in extended permit tcp any any eq smtp
!
tcp-map ,m
reserved-bits clear
!
pager lines 24
logging enable
logging emblem
logging buffered emergencies
logging asdm informational
logging from-address root@asa-millat.com.pk
logging facility 16
logging host inside 192.168.10.171 6/1470
logging host DMZ 192.168.16.2 6/1470
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip audit signature 2151 disable
no failover
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (DMZ) 1 interface
static (inside,DMZ) 192.168.12.0 192.168.12.0 netmask 255.255.255.0
access-group 101 in interface outside
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
route DMZ 0.0.0.0 0.0.0.0 192.168.1.18 1
!
router ospf 1
network 192.168.1.0 255.255.255.0 area 0
network 192.168.12.0 255.255.255.0 area 0
log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.16.0 255.255.255.0 management
no snmp-server location
snmp-server contact Nasir
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
fragment size 30000 outside
sysopt connection tcpmss 0
sysopt noproxyarp outside
telnet 192.168.12.0 255.255.255.0 inside
telnet timeout 30
ssh 192.168.12.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
management-access inside
dhcpd address 192.168.16.2-192.168.16.10 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
smtp-server 192.168.1.11
Cryptochecksum:7657f2d7c589bccc4d161d7f4967661c
: end
asdm.JPG
Having the same problem here, weird enough the JAVA version from the ASDM http works fine.
I've downgraded from the lates Java Version 6 Update 10 to Update 7 and ASDM 5.2 works fine again
The java update 10 broke my ASDM also. Downgraded to Update 7 like above and it worked just fine again.
My ASA is 5.2 and I am tried all versions of Jana on Vista 64bit but it still dosent work. I get the same error. Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Magim IT,
You have excellent solution. It worked for me.
You have excellent solution. It worked for me.
I was attempting to connect for the first time and saw this same error. Clearing the ASDM cache and the Log Buffer solved my problem as well.
The accepted solution should be changed for this problem. Moderators?
The accepted solution should be changed for this problem. Moderators?
Clearing the ASDM cache and the Log Buffer solved my problem as well. I am using Vista 64-bit
Clearing the ASDM cache and the Log Buffer solved my problem. I have to do it every time. If the ASDM cache and Log Buffer are already cleared before I run the ASDM launcher, then I get no error and ASDM loads normally. I wish there was a way to permanently keep the ASDM cache and Log Buffer cleared. Anyone know?
Hi,
The java down grade is totally unnecessary, all you have to do is.
1) Find the asdm-launcher.config file (C:\Program Files\Cisco Systems\ASDM\asdm-launcher .config)
2) Right click, choose properties and remove the 'read only' check
3) Open the file and add the following line:
javapath c:\Program Files\Java\jre1.6.0_07\bin \client\jv m.dll
4) Save the file and replace the read only check
Regards,
Fraser.
The java down grade is totally unnecessary, all you have to do is.
1) Find the asdm-launcher.config file (C:\Program Files\Cisco Systems\ASDM\asdm-launcher
2) Right click, choose properties and remove the 'read only' check
3) Open the file and add the following line:
javapath c:\Program Files\Java\jre1.6.0_07\bin
4) Save the file and replace the read only check
Regards,
Fraser.
I'd rather just clear the ASDM cache and log buffer, three clicks, refresh, done. But that's me I'm laaazy...
Fraserc,
Your suggestion that the downgrade was unnecessary was spot on correct. I added the path and configuration popped right back up for Windows server 2003.
Spectre
Your suggestion that the downgrade was unnecessary was spot on correct. I added the path and configuration popped right back up for Windows server 2003.
Spectre
Thanks fraserc your recommendation worked for me.
fraserc,
only your resolution worked for me.
Thanks!!!
only your resolution worked for me.
Thanks!!!
Magim IT: Perfect! my only comment, is do the steps listed in your post, in order, without closing ASDM. Worked!
I agree, using this solution, the java downgrade is not necessary.
Thank you!
I agree, using this solution, the java downgrade is not necessary.
Thank you!
Magim_IT, you are a GENIUS!
Fraserc - you da man.
ok, that works but I have to do it every single time I load asdm...at least so far....any solution to that?
asdm v5.2
Thanks
asdm v5.2
Thanks
Magim_IT: you nailed it with the clear cache and log buffer.
It might not be the best solution but you could try factory resetting the ASA either vi ASDM or the CLI.
ASDM: File -> Reset Device to the Factory Default Configuration
CLI: hostname(config)# configure factory-default 192.168.16.1 255.255.255.0
You could then issue the commands from your configuration file one at a time to see where the problem lies...Hope that helps.
F.