Rules lists are empty...but everything is working??

Posted on 2009-02-09
Last Modified: 2012-05-06
Hello experts.
I wanted to change a couple of access rules on my Cisco ASA firewall, but when I loaded the ASDM interface all the rules lists were empty!!!
Oddly everything is working. If you try to monitor the top 10 access rules you get "n/a config out of sync" on both dest and sorc.
If you want to enable logging you get:
[ERROR] logging asdm Informational
logging asdm Informational
 % Invalid input detected at '^' marker.

ASDM v is 6.1
ASA ver: Cisco ASA-5505
I tried to restart both the asa and the server, same results.
Uninstalled the ASDM and the java and reinstalled it...still no luck.
Tried to search experts and google, nothing...
Help..ran out of ideas.
Thank you
Question by:siltech
    LVL 43

    Expert Comment

    Can you post a "show version"?

    Author Comment

    Result of the command: "show version"

    Cisco Adaptive Security Appliance Software Version 8.0(2)
    Device Manager Version 6.0(2)

    Compiled on Fri 15-Jun-07 19:29 by builders
    System image file is "disk0:/asa802-k8.bin"
    Config file at boot was "startup-config"

    domain-xxx up 11 hours 28 mins

    Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW080 @ 0xffe00000, 1024KB

    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
     0: Int: Internal-Data0/0    : address is 001f.9e1f.6664, irq 11
     1: Ext: Ethernet0/0         : address is 001f.9e1f.665c, irq 255
     2: Ext: Ethernet0/1         : address is 001f.9e1f.665d, irq 255
     3: Ext: Ethernet0/2         : address is 001f.9e1f.665e, irq 255
     4: Ext: Ethernet0/3         : address is 001f.9e1f.665f, irq 255
     5: Ext: Ethernet0/4         : address is 001f.9e1f.6660, irq 255
     6: Ext: Ethernet0/5         : address is 001f.9e1f.6661, irq 255
     7: Ext: Ethernet0/6         : address is 001f.9e1f.6662, irq 255
     8: Ext: Ethernet0/7         : address is 001f.9e1f.6663, irq 255
     9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255

    Licensed features for this platform:
    Maximum Physical Interfaces  : 8        
    VLANs                        : 3, DMZ Restricted
    Inside Hosts                 : Unlimited
    Failover                     : Disabled
    VPN-DES                      : Enabled  
    VPN-3DES-AES                 : Enabled  
    VPN Peers                    : 10        
    WebVPN Peers                 : 2        
    Dual ISPs                    : Disabled  
    VLAN Trunk Ports             : 0        
    Advanced Endpoint Assessment : Disabled  

    This platform has a Base license.

    Serial Number: JMX1208Z2A3
    Running Activation Key: 0xb829715a 0xf43b8469 0x50e3a100 0xae18f4ec 0xc920e799
    Configuration register is 0x1
    Configuration last modified by admin at 19:47:07.799 UTC Mon Feb 9 2009

    If I telnet to the firewall I can see everything, all the rules and all the interfaces.

    LVL 43

    Expert Comment

    Can you post a "show run asdm" and a "dir flash:"

    Author Comment

    Result of the command: "show run asdm"

    show run asdm
    ERROR: % Invalid input detected at '^' marker.

    Result of the command: "dir flash"

    dir flash
    ERROR: % Invalid input detected at '^' marker.

    Author Comment


    I tried the same commands in telnet:
    show run asdm:
    asdm image disk0:/asdm-602.bin
    no asdm history enable

    dir flash:

    Directory of disk0:/

    69     -rwx  8386560     08:06:02 Feb 22 2008  asa723-k8.bin
    70     -rwx  4181246     08:06:26 Feb 22 2008  securedesktop-asa-
    71     -rwx  398305      08:06:40 Feb 22 2008  sslclient-win-
    72     -rwx  6287244     08:08:10 Feb 22 2008  asdm-523.bin
    6      drwx  4096        14:58:12 Apr 10 2008  crypto_archive
    74     -rwx  6889764     08:28:42 Apr 10 2008  asdm-602.bin
    75     -rwx  14524416    08:54:16 Apr 10 2008  asa802-k8.bin
    2      drwx  4096        09:43:38 Apr 10 2008  log
    76     -rwx  2206062     07:26:20 Apr 14 2008  sslclient-win-

    126849024 bytes total (82898944 bytes free)

    LVL 43

    Expert Comment

    Okay, has this worked before?  Did you just upgrade to 8.0(2) and 6.02 ASDM?  Try rebooting the ASA. Have you tried accessing ASDM via a different PC?

    Author Comment

    It worked before.
    I would upgrade if I had the user name and password.
    Tried to reboot; what happened was mails stopped going out because the rules updated (apparently somebody changed them but never rebooted...). So I had to add another rule to let SMTP out.
    Just tried from another PC...same thing

    Author Comment

    Is it possible that the account I am using doesn't have enough rights to actually see the rules? (The account works fine on the telnet console.)
    LVL 43

    Expert Comment

    What version of Java do you have on the machine?  Try 1.5 if you are using a different version.  I know there are issues with 1.6.  It isn't a credential thing as your account has level 15 access if you are able to reload or make changes.  If HTTP access wasn't allowed from your IP address, you wouldn't get as far as you are getting but you can do a "show run http" to verify your IP has access via ASDM.

    Accepted Solution

    OK, solved it!!!!
    If you go to the ASA telnet and type "show run" it will show you the users and their privileges...
    The admin user I was using had "0" privilege; that was the reason I had no rules and the "out of sync" message. I created a new user on the telnet, gave him "15" on privilege and tada... Can see everything on ASDM.
    Thank you for your replies.
    LVL 43

    Expert Comment

    Good deal.  I assumed the account you were using had level 15 access.
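
The check from the accepted solution, reading the `username` lines of "show run" for their privilege levels, can be scripted against a saved copy of the configuration. This is an added example, not code from the thread: the sample config, user names and hashes are constructed, the required level of 15 is taken from the fix above, and the default of 2 is the level the ASA assigns when no `privilege` keyword is present.

```python
import re

# Constructed sample of ASA "show run" output; names and hashes are placeholders.
SAMPLE_CONFIG = """\
hostname example-asa
username admin password PLACEHOLDERHASH1 encrypted privilege 0
username netops password PLACEHOLDERHASH2 encrypted privilege 15
username helpdesk password PLACEHOLDERHASH3 encrypted
username netops attributes
 service-type admin
http server enable
"""

# "username <name> password <hash> ..." or "username <name> nopassword ...".
# "username <name> attributes" sub-mode lines deliberately do not match.
USERNAME_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+(?:password\s+\S+|nopassword)(?P<rest>.*)$"
)
PRIVILEGE_RE = re.compile(r"\bprivilege\s+(\d+)\b")
DEFAULT_PRIVILEGE = 2  # level the ASA assigns when no "privilege" keyword is set


def parse_local_users(config: str) -> dict[str, int]:
    """Map each local username in the config text to its privilege level."""
    users = {}
    for line in config.splitlines():
        match = USERNAME_RE.match(line.strip())
        if not match:
            continue
        priv = PRIVILEGE_RE.search(match.group("rest"))
        level = int(priv.group(1)) if priv else DEFAULT_PRIVILEGE
        if not 0 <= level <= 15:
            raise ValueError(f"privilege out of range in line: {line!r}")
        users[match.group("name")] = level
    return users


def users_below(config: str, required: int = 15) -> list[tuple[str, int]]:
    """Return (user, level) pairs whose level is below the required one."""
    return sorted(
        (name, level)
        for name, level in parse_local_users(config).items()
        if level < required
    )


if __name__ == "__main__":
    for name, level in users_below(SAMPLE_CONFIG):
        print(f"{name}: privilege {level} (below 15)")
```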
