We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Rules lists are empty...but everything is working??

siltech asked
Medium Priority
Last Modified: 2012-05-06
Hello experts.
I wanted to change a couple of access rules on my cisco asa firewall, but when i loaded the asdm  interface all the rules lists were empty!!!
Oddly everything is working, if you try to monitor top 10 access rules you get "n/a config out of sync" on both dest and sorc.
if you want to enable loggin you get : \
[ERROR] logging asdm Informational
logging asdm Informational
 % Invalid input detected at '^' marker.

ASDM v is 6.1
ASA ver: Cisco ASA-5505
I tried to restart both the asa and the server, same results.
Uninstalled the ASDM and the java and reinstalled it...still no luck.
Tried to search experts and google, nothing...
Help..ran out of ideas.
Thank you
Watch Question

Top Expert 2009

Can you post a "show version"?


Result of the command: "show version"

Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)

Compiled on Fri 15-Jun-07 19:29 by builders
System image file is "disk0:/asa802-k8.bin"
Config file at boot was "startup-config"

domain-xxx up 11 hours 28 mins

Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
 0: Int: Internal-Data0/0    : address is 001f.9e1f.6664, irq 11
 1: Ext: Ethernet0/0         : address is 001f.9e1f.665c, irq 255
 2: Ext: Ethernet0/1         : address is 001f.9e1f.665d, irq 255
 3: Ext: Ethernet0/2         : address is 001f.9e1f.665e, irq 255
 4: Ext: Ethernet0/3         : address is 001f.9e1f.665f, irq 255
 5: Ext: Ethernet0/4         : address is 001f.9e1f.6660, irq 255
 6: Ext: Ethernet0/5         : address is 001f.9e1f.6661, irq 255
 7: Ext: Ethernet0/6         : address is 001f.9e1f.6662, irq 255
 8: Ext: Ethernet0/7         : address is 001f.9e1f.6663, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces  : 8        
VLANs                        : 3, DMZ Restricted
Inside Hosts                 : Unlimited
Failover                     : Disabled
VPN-DES                      : Enabled  
VPN-3DES-AES                 : Enabled  
VPN Peers                    : 10        
WebVPN Peers                 : 2        
Dual ISPs                    : Disabled  
VLAN Trunk Ports             : 0        
Advanced Endpoint Assessment : Disabled  

This platform has a Base license.

Serial Number: JMX1208Z2A3
Running Activation Key: 0xb829715a 0xf43b8469 0x50e3a100 0xae18f4ec 0xc920e799
Configuration register is 0x1
Configuration last modified by admin at 19:47:07.799 UTC Mon Feb 9 2009

if i telnet the firewall i can see everything, all the rules all the interfaces.

Top Expert 2009

Can you post a "show run asdm" and a "dir flash:"


Result of the command: "show run asdm"

show run asdm
ERROR: % Invalid input detected at '^' marker.

Result of the command: "dir flash"

dir flash
ERROR: % Invalid input detected at '^' marker.



I tried the same commands in telnet:
show run asdm:
asdm image disk0:/asdm-602.bin
no asdm history enable

dir flash:

Directory of disk0:/

69     -rwx  8386560     08:06:02 Feb 22 2008  asa723-k8.bin
70     -rwx  4181246     08:06:26 Feb 22 2008  securedesktop-asa-
71     -rwx  398305      08:06:40 Feb 22 2008  sslclient-win-
72     -rwx  6287244     08:08:10 Feb 22 2008  asdm-523.bin
6      drwx  4096        14:58:12 Apr 10 2008  crypto_archive
74     -rwx  6889764     08:28:42 Apr 10 2008  asdm-602.bin
75     -rwx  14524416    08:54:16 Apr 10 2008  asa802-k8.bin
2      drwx  4096        09:43:38 Apr 10 2008  log
76     -rwx  2206062     07:26:20 Apr 14 2008  sslclient-win-

126849024 bytes total (82898944 bytes free)

Top Expert 2009

Okay, has this worked before?  Did you just upgrade to 8.0(2) and 6.02 ASDM?  Try rebooting the ASA. Have you tried accessing ASDM via a different PC?


It worked before.
I would upgrate if I had the cisco.com user name and password.
Tried to reboot, what happened was mails stopped going out because the rules updated ( apparently somebody changed them but never rebooted...). So had to add another rule to let smtp out.
Just tried from another PC...same thing


Is it possible that the account I am using doesnt have enough rights to actually see the rules? (( the account works fine on telnet console))
Top Expert 2009

What version of Java do you have on the machine?  Try 1.5 if you are using a different version.  I know there are issues with 1.6.  It isn't a credential thing as your account has level 15 access if you are able to reload or make changes.  If HTTP access wasn't allowed from your IP address, you wouldn't get as far as you are getting but you can do a "show run http" to verify your IP has access via ASDM.
Ok , solved it!!!!
If you got to asa telnet and type "show run" it will show you the use rs and their privileges...
the admin user I was using had "0" privilege, that was the reason I had no rules and "out of sync " message. I created a new user on the telnet, gave him "15" on privilege and tada..Can see everything on ASDM.
Thank you for you replies.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Top Expert 2009

Good deal.  I assumed the account you were using had level 15 access.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.