Rules lists are empty...but everything is working??

Hello experts.
I wanted to change a couple of access rules on my Cisco ASA firewall, but when I loaded the ASDM interface all the rules lists were empty!!!
Oddly everything is working. If you try to monitor the top 10 access rules you get "n/a config out of sync" on both dest and sorc.
If you want to enable logging you get:
[ERROR] logging asdm Informational
      
logging asdm Informational
   ^
 % Invalid input detected at '^' marker.

ASDM v is 6.1
ASA ver: Cisco ASA-5505
I tried to restart both the ASA and the server, same results.
Uninstalled the ASDM and the Java and reinstalled it...still no luck.
Tried to search experts and google, nothing...
Help..ran out of ideas.
Thank you
Asked by: siltech

siltech (Author) commented:
OK, solved it!!!!
If you go to the ASA via telnet and type "show run" it will show you the users and their privileges...
The admin user I was using had "0" privilege; that was the reason I had no rules and the "out of sync" message. I created a new user over telnet, gave him "15" on privilege and ta-da... I can see everything in ASDM.
Thank you for your replies.

JFrederick29 commented:
Can you post a "show version"?

siltech (Author) commented:
Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "disk0:/asa802-k8.bin"
Config file at boot was "startup-config"

domain-xxx up 11 hours 28 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0    : address is 001f.9e1f.6664, irq 11
 1: Ext: Ethernet0/0         : address is 001f.9e1f.665c, irq 255
 2: Ext: Ethernet0/1         : address is 001f.9e1f.665d, irq 255
 3: Ext: Ethernet0/2         : address is 001f.9e1f.665e, irq 255
 4: Ext: Ethernet0/3         : address is 001f.9e1f.665f, irq 255
 5: Ext: Ethernet0/4         : address is 001f.9e1f.6660, irq 255
 6: Ext: Ethernet0/5         : address is 001f.9e1f.6661, irq 255
 7: Ext: Ethernet0/6         : address is 001f.9e1f.6662, irq 255
 8: Ext: Ethernet0/7         : address is 001f.9e1f.6663, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8        
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
VPN Peers                    : 10        
WebVPN Peers                 : 2        
Dual ISPs                    : Disabled  
VLAN Trunk Ports             : 0        
Advanced Endpoint Assessment : Disabled  

This platform has a Base license.

Serial Number: JMX1208Z2A3
Running Activation Key: 0xb829715a 0xf43b8469 0x50e3a100 0xae18f4ec 0xc920e799
Configuration register is 0x1
Configuration last modified by admin at 19:47:07.799 UTC Mon Feb 9 2009

If I telnet to the firewall I can see everything: all the rules, all the interfaces.

JFrederick29 commented:
Can you post a "show run asdm" and a "dir flash:"?

siltech (Author) commented:
Result of the command: "show run asdm"

show run asdm
     ^
ERROR: % Invalid input detected at '^' marker.


Result of the command: "dir flash"

dir flash
^
ERROR: % Invalid input detected at '^' marker.

siltech (Author) commented:

I tried the same commands in telnet:
show run asdm:
asdm image disk0:/asdm-602.bin
no asdm history enable

dir flash:

Directory of disk0:/

69     -rwx  8386560     08:06:02 Feb 22 2008  asa723-k8.bin
70     -rwx  4181246     08:06:26 Feb 22 2008  securedesktop-asa-3.2.1.103-k9.pkg
71     -rwx  398305      08:06:40 Feb 22 2008  sslclient-win-1.1.0.154.pkg
72     -rwx  6287244     08:08:10 Feb 22 2008  asdm-523.bin
6      drwx  4096        14:58:12 Apr 10 2008  crypto_archive
74     -rwx  6889764     08:28:42 Apr 10 2008  asdm-602.bin
75     -rwx  14524416    08:54:16 Apr 10 2008  asa802-k8.bin
2      drwx  4096        09:43:38 Apr 10 2008  log
76     -rwx  2206062     07:26:20 Apr 14 2008  sslclient-win-1.1.4.176-anyconnect.pkg

126849024 bytes total (82898944 bytes free)

JFrederick29 commented:
Okay, has this worked before? Did you just upgrade to 8.0(2) and 6.02 ASDM? Try rebooting the ASA. Have you tried accessing ASDM via a different PC?

siltech (Author) commented:
It worked before.
I would upgrade if I had the cisco.com user name and password.
Tried to reboot; what happened was mails stopped going out because the rules updated (apparently somebody changed them but never rebooted...). So I had to add another rule to let SMTP out.
Just tried from another PC... same thing.

siltech (Author) commented:
Is it possible that the account I am using doesn't have enough rights to actually see the rules? (The account works fine on the telnet console.)

JFrederick29 commented:
What version of Java do you have on the machine? Try 1.5 if you are using a different version. I know there are issues with 1.6. It isn't a credential thing as your account has level 15 access if you are able to reload or make changes. If HTTP access wasn't allowed from your IP address, you wouldn't get as far as you are getting but you can do a "show run http" to verify your IP has access via ASDM.

JFrederick29 commented:
Good deal.  I assumed the account you were using had level 15 access.
Question has a verified solution.
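The accepted fix in this thread was an account privilege level found in "show run". As an added example (not part of the original thread), the Python below parses the username lines of a saved "show run" and lists each local account's privilege level; the sample config, placeholder hashes and function names are constructed for illustration, and an account with no "privilege" keyword is assumed to get the ASA default of level 2.

```python
import re

# Constructed sample of ASA "show run" output; names and hashes are placeholders.
SAMPLE_SHOW_RUN = """\
hostname asa-example
username admin password HASH-PLACEHOLDER-1 encrypted privilege 0
username newadmin password HASH-PLACEHOLDER-2 encrypted privilege 15
username helpdesk password HASH-PLACEHOLDER-3 encrypted
username newadmin attributes
 service-type admin
http server enable
"""

DEFAULT_PRIVILEGE = 2    # assumed level when "privilege" is omitted (ASA default)
FULL_ACCESS_LEVEL = 15   # level the thread's fix assigned to the new user

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+(.+)$")
PRIVILEGE_RE = re.compile(r"\bprivilege\s+(\d+)\b")


def parse_local_users(config_text):
    """Return {username: privilege level} for local accounts in the config."""
    users = {}
    for line in config_text.splitlines():
        match = USERNAME_RE.match(line.strip())
        if not match:
            continue
        name, rest = match.groups()
        if rest.split()[0] == "attributes":   # sub-mode header, not an account
            continue
        priv = PRIVILEGE_RE.search(rest)
        level = int(priv.group(1)) if priv else DEFAULT_PRIVILEGE
        if level > 15:
            raise ValueError(f"privilege out of range for {name}: {level}")
        users[name] = level
    return users


def below_full_access(users):
    """Accounts that would not get the level-15 view described in the thread."""
    return sorted(name for name, level in users.items() if level < FULL_ACCESS_LEVEL)


if __name__ == "__main__":
    accounts = parse_local_users(SAMPLE_SHOW_RUN)
    for name, level in sorted(accounts.items()):
        print(f"{name:10} privilege {level}")
    print("below level 15:", ", ".join(below_full_access(accounts)))
```

Run against a saved copy of the running config, the same listing also shows which accounts hold level 15 and may not need it.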
