Solved

How to configure ASA ASDM

Posted on 2010-08-17
11
1,727 Views
Last Modified: 2012-05-10
I'm trying to get ASDM activated on my ASA, but I'm having trouble.  I've configured the following:

asdm image disk0:asdm-631.bin.
http server enable.
http 0.0.0.0 0.0.0.0 inside

but I still cannot access the ASDM from the inside network.

FYI: The system runs fine otherwise, is accessible from telnet inside and is running software version 8.3(1)

Am I missing something?
0
Comment
Question by:tballin
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33458545
Is the asdm image loaded? If so the version is shown with the "show version"-command.

/Kvistofta
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33459312
Hi,

You need asdm image on flash:

CiscoASA# dir

Directory of disk0:/
132    -rwx  14240396    15:41:06 Mar 25 2010  asdm-631.bin

after you need to enable asdm:

asdm image disk0:/asdm-631.bin
asdm history enable
http server enable
http 0.0.0.0 0.0.0.0 inside
aaa authentication http console LOCAL
0
 

Author Comment

by:tballin
ID: 33459414
Yes, the ASDM image is on the flash and the config above had already been added.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 33459948
How are you trying to access it? Through ASDM itself, or from HTTPS?
What type of error do you receive? Page not found, or??

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33462858
Cannot Access PIX / ASA  ASDM

Make sure the problem is NOT on your client machine first.

1. First make sure you have Java installed
2. If you’re using a new version of java (Above Version 6 update 12) then downgrade your version.
3. Make sure your using Internet Explorer/Firefox or Mozilla.
4. Make sure you are NOT trying to access the ADSM through a proxy server.
5. Can another PC access the ADSM?
6. If the ADSM Opens but will not launch properly > File > Clear ASDM Cache > Clear internal Log Buffer > Refresh Running Configuration with


Before you proceed make sure that the ASDM has been enabled.

1. Connect to the firewall either by SSH/Telnet/Console Cable.
2. Issue an "enable" command and enter the enable password.
3. Issue a show run command and make sure that you see the following in the running configuration on the device.

Http server enable

Note If you see "no http server enable" then its disabled and you need to go to "Configure Terminal" mode and issue a "http server enable" command.
Note If you see "http server enable {a number}" then it has been set up on a different port number and needs to be accesses via https://ip address:{a

number}

4. Providing the server is enabled you need to ensure that you have been granted access to it you can grant access to a network or an individual host.
5. Ensure the IP address you are trying to open the ASDM from is included in the config, i.e.

Http 192.168.1.1 255.255.255.255 inside <- Will allow this one client
or
http 192.168.1.0 255.255.255.0 inside <- Will allow the entire network

Note if you are outside the firewall yours should say "outside" not "inside".

6. Next make sure the Firewall is looking at the correct file to launch its ADSM look for the following,



ON AN ASA FIREWALL
asdm image disk0:/asdm-522.bin
asdm image disk0:/asdm-613.bin etc

if that command is missing or wrong you won’t be able to launch the ASDM either to make sure that the file exists issue a "show flash" command,

Firewall# show flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
  6 5511168    Jan 01 2003 00:07:10 asa707-k8.bin
  7 0          May 15 2008 05:37:16 crypto_archive
  8 6161700    May 15 2008 05:40:24 asdm-507.bin
 11 8312832    Aug 20 2008 08:51:02 asa722-k8.bin
 12 5623108    Aug 20 2008 08:53:04 asdm-522.bin

229728256 bytes available (25698304 bytes used)

Make sure the Version referenced actually exists in the flash memory.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 17

Expert Comment

by:Kvistofta
ID: 33463322
Is it actually loaded? See my previous comment?

/Kvistofta
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33464072
is there any  filter list configred on ur inside interface that preventing the management access ?.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33464228
Management traffic bypasses acl.

/Kvistofta
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33464229
Management traffic bypasses acl.

/Kvistofta
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33464359
disable browser proxy and try ( or bypass the mgmt ip )

disable firewall client  on PC;if any

0
 

Accepted Solution

by:
tballin earned 0 total points
ID: 33617711
Apparently, the asdm image was corrupted during upload - Uploading the image again corrected the problem.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now