?
Solved

ASDM is unable to read the configuration from the ASA.

Posted on 2008-11-04
21
Medium Priority
?
19,423 Views
Last Modified: 2012-05-05
I am able to connect via the management interface via asdm but asdm doesnt read the configuration from ASA. PLease help
hostname ASA-Millat
domain-name millat.com.pk
enable password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 duplex full
 nameif outside
 security-level 0
 ip address 192.168.13.1 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.16.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup inside
dns domain-lookup DMZ
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
access-list 101 extended permit tcp any any eq www
access-list 101 extended permit tcp any any eq https
access-list 101 extended permit tcp any any eq ftp
access-list 101 extended permit tcp any any eq pop3
access-list 101 extended permit tcp any any eq smtp
access-list 101 extended permit tcp any any
access-list 1110 extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any eq ftp
access-list inside_access_in extended permit tcp any any eq pop3
access-list inside_access_in extended permit tcp any any eq smtp
access-list DMZ_access_in extended permit tcp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit tcp any any eq www
access-list DMZ_access_in extended permit tcp any any eq https
access-list DMZ_access_in extended permit tcp any any eq ftp
access-list DMZ_access_in extended permit tcp any any eq pop3
access-list DMZ_access_in extended permit tcp any any eq smtp
!
tcp-map ,m
  reserved-bits clear
!
pager lines 24
logging enable
logging emblem
logging buffered emergencies
logging asdm informational
logging from-address root@asa-millat.com.pk
logging facility 16
logging host inside 192.168.10.171 6/1470
logging host DMZ 192.168.16.2 6/1470
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip audit signature 2151 disable
no failover
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (DMZ) 1 interface
static (inside,DMZ) 192.168.12.0 192.168.12.0 netmask 255.255.255.0
access-group 101 in interface outside
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
route DMZ 0.0.0.0 0.0.0.0 192.168.1.18 1
!
router ospf 1
 network 192.168.1.0 255.255.255.0 area 0
 network 192.168.12.0 255.255.255.0 area 0
 log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.16.0 255.255.255.0 management
no snmp-server location
snmp-server contact Nasir
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
fragment size 30000 outside
sysopt connection tcpmss 0
sysopt noproxyarp outside
telnet 192.168.12.0 255.255.255.0 inside
telnet timeout 30
ssh 192.168.12.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
management-access inside
dhcpd address 192.168.16.2-192.168.16.10 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
smtp-server 192.168.1.11
Cryptochecksum:7657f2d7c589bccc4d161d7f4967661c
: end

Open in new window

asdm.JPG
0
Comment
Question by:nasirsh
20 Comments
 
LVL 3

Expert Comment

by:fraserc
ID: 22876185
Hi,

It might not be the best solution but you could try factory resetting the ASA either vi ASDM or the CLI.

ASDM: File -> Reset Device to the Factory Default Configuration
CLI: hostname(config)# configure factory-default 192.168.16.1 255.255.255.0

You could then issue the commands from your configuration file one at a time to see where the problem lies...Hope that helps.

F.

0
 

Expert Comment

by:iFroyd
ID: 22907659
Having the same problem here, weird enough the JAVA version from the ASDM http works fine.
0
 

Expert Comment

by:dnevnik
ID: 23003072
I've downgraded from the lates Java Version 6 Update 10 to Update 7 and ASDM 5.2 works fine again
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Expert Comment

by:daveydp
ID: 23035462
The java update 10 broke my ASDM also. Downgraded to Update 7 like above and it worked just fine again.
0
 

Expert Comment

by:securitycube
ID: 23342747
My ASA is 5.2 and I am tried all versions of Jana on Vista 64bit but it still dosent work. I get the same error. Any ideas?
0
 
LVL 3

Accepted Solution

by:
Magim_IT earned 2000 total points
ID: 23427184
In ASDM, clear ASDM cache and internal log buffer (nothing to do with firewall config or logs) and then select refresh ASDM with the running configuration on the device option. all these options are there in the file menu of ASDM.
This will help you to run ASDM in all the JAVA versions. You might not want to change the JAVA version just for one application, other apps may want to use the latest one.
 
0
 
LVL 5

Expert Comment

by:innotionent
ID: 23451430
Magim IT,
You have excellent solution. It worked for me.
0
 

Expert Comment

by:WSODOPS
ID: 23500798
I was attempting to connect for the first time and saw this same error. Clearing the ASDM cache and the Log Buffer solved my problem as well.

The accepted solution should be changed for this problem. Moderators?
0
 

Expert Comment

by:etur
ID: 23574647
Clearing the ASDM cache and the Log Buffer solved my problem as well. I am using Vista 64-bit
0
 

Expert Comment

by:trsandersonii
ID: 23602987
Clearing the ASDM cache and the Log Buffer solved my problem. I have to do it every time. If the ASDM cache and Log Buffer are already cleared before I run the ASDM launcher, then I get no error and ASDM loads normally. I wish there was a way to permanently keep the ASDM cache and Log Buffer cleared. Anyone know?
0
 
LVL 3

Expert Comment

by:fraserc
ID: 23603129
Hi,

The java down grade is totally unnecessary, all you have to do is.

1) Find the asdm-launcher.config file (C:\Program Files\Cisco Systems\ASDM\asdm-launcher.config)
2) Right click, choose properties and remove the 'read only' check
3) Open the file and add the following line:
javapath c:\Program Files\Java\jre1.6.0_07\bin\client\jvm.dll
4) Save the file and replace the read only check

Regards,

Fraser.

0
 

Expert Comment

by:WSODOPS
ID: 23604407
I'd rather just clear the ASDM cache and log buffer, three clicks, refresh, done. But that's me I'm laaazy...
0
 

Expert Comment

by:spectre921
ID: 23637301
Fraserc,

Your suggestion that the downgrade was unnecessary was spot on correct.  I added the path and configuration popped right back up for Windows server 2003.

Spectre
0
 

Expert Comment

by:traut01
ID: 23718196
Thanks fraserc your recommendation worked for me.
0
 

Expert Comment

by:AECORPSupport
ID: 23737083
fraserc,

only your resolution worked for me.

Thanks!!!
0
 

Expert Comment

by:jgroller
ID: 23880979
Magim IT:  Perfect!  my only comment, is do the steps listed in your post, in order, without closing ASDM.  Worked!  

I agree, using this solution, the java downgrade is not necessary.

Thank you!
0
 

Expert Comment

by:f00ey
ID: 23940296
Magim_IT, you are a GENIUS!
0
 
LVL 1

Expert Comment

by:tolninja
ID: 23970085
Fraserc - you da man.
0
 

Expert Comment

by:f00ey
ID: 23970382
ok, that works but I have to do it every single time I load asdm...at least so far....any solution to that?

asdm v5.2

Thanks
0
 

Expert Comment

by:DAU_IS
ID: 24217614
Magim_IT:  you nailed it with the clear cache and log buffer.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month15 days, 18 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question