hoggiee
asked on
Cisco ASDM: Unable to read configuration from the ASA
ASDM version: v1.5(20)
ASA 5540 7.2(1)
I get the following error message when I try to login to ASDM:
"ASDM is unable to read the configuration from the ASA. Please check the configuration and your connection and then try again by clicking the Refresh icon."
This only happens when I login with a username which has privilege other than 15. When I login with a username which has the highest privilege (15), everything works fine. Any ideas?
ASA 5540 7.2(1)
I get the following error message when I try to login to ASDM:
"ASDM is unable to read the configuration from the ASA. Please check the configuration and your connection and then try again by clicking the Refresh icon."
This only happens when I login with a username which has privilege other than 15. When I login with a username which has the highest privilege (15), everything works fine. Any ideas?
Cannot Access PIX / ASA ASDM
Make sure the problem is NOT on your client machine first.
1. First make sure you have Java installed
2. If you’re using a new version of java (Above Version 6 update 9) then downgrade your version.
3. Make sure your using Internet Explorer/Firefox or Mozilla.
4. Make sure you are NOT trying to access the ADSM through a proxy server.
5. Can another PC access the ADSM?
6. If the ADSM Opens but will not launch properly > File > Clear ASDM Cache > Clear internal Log Buffer > Refresh Running Configuration with
Before you proceed make sure that the ASDM has been enabled.
1. Connect to the firewall either by SSH/Telnet/Console Cable.
2. Issue an "enable" command and enter the enable password.
3. Issue a show run command and make sure that you see the following in the running configuration on the device.
Http server enable
Note If you see "no http server enable" then its disabled and you need to go to "Configure Terminal" mode and issue a "http server enable" command.
Note If you see "http server enable {a number}" then it has been set up on a different port number and needs to be accesses via https://ip address:{a
number}
4. Providing the server is enabled you need to ensure that you have been granted access to it you can grant access to a network or an individual host.
5. Ensure the IP address you are trying to open the ASDM from is included in the config, i.e.
Http 192.168.1.1 255.255.255.255 inside <- Will allow this one client
or
http 192.168.1.0 255.255.255.0 inside <- Will allow the entire network
Note if you are outside the firewall yours should say "outside" not "inside".
6. Next make sure the Firewall is looking at the correct file to launch its ADSM look for the following,
ON A PIX FIREWALL
asdm image flash:/asdm-506.bin
asdm image flash:/asdm-501.bin
ON AN ASA FIREWALL
asdm image disk0:/asdm-522.bin
asdm image disk0:/asdm-613.bin
if that command is missing or wrong you won’t be able to launch the ASDM either to make sure that the file exists issue a "show flash" command,
Firewall# show flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
6 5511168 Jan 01 2003 00:07:10 asa707-k8.bin
7 0 May 15 2008 05:37:16 crypto_archive
8 6161700 May 15 2008 05:40:24 asdm-507.bin
11 8312832 Aug 20 2008 08:51:02 asa722-k8.bin
12 5623108 Aug 20 2008 08:53:04 asdm-522.bin
229728256 bytes available (25698304 bytes used)
Make sure the Version referenced actually exists in the flash memory.
Make sure the problem is NOT on your client machine first.
1. First make sure you have Java installed
2. If you’re using a new version of java (Above Version 6 update 9) then downgrade your version.
3. Make sure your using Internet Explorer/Firefox or Mozilla.
4. Make sure you are NOT trying to access the ADSM through a proxy server.
5. Can another PC access the ADSM?
6. If the ADSM Opens but will not launch properly > File > Clear ASDM Cache > Clear internal Log Buffer > Refresh Running Configuration with
Before you proceed make sure that the ASDM has been enabled.
1. Connect to the firewall either by SSH/Telnet/Console Cable.
2. Issue an "enable" command and enter the enable password.
3. Issue a show run command and make sure that you see the following in the running configuration on the device.
Http server enable
Note If you see "no http server enable" then its disabled and you need to go to "Configure Terminal" mode and issue a "http server enable" command.
Note If you see "http server enable {a number}" then it has been set up on a different port number and needs to be accesses via https://ip address:{a
number}
4. Providing the server is enabled you need to ensure that you have been granted access to it you can grant access to a network or an individual host.
5. Ensure the IP address you are trying to open the ASDM from is included in the config, i.e.
Http 192.168.1.1 255.255.255.255 inside <- Will allow this one client
or
http 192.168.1.0 255.255.255.0 inside <- Will allow the entire network
Note if you are outside the firewall yours should say "outside" not "inside".
6. Next make sure the Firewall is looking at the correct file to launch its ADSM look for the following,
ON A PIX FIREWALL
asdm image flash:/asdm-506.bin
asdm image flash:/asdm-501.bin
ON AN ASA FIREWALL
asdm image disk0:/asdm-522.bin
asdm image disk0:/asdm-613.bin
if that command is missing or wrong you won’t be able to launch the ASDM either to make sure that the file exists issue a "show flash" command,
Firewall# show flash
Initializing disk0: cache, please wait....Done.
-#- --length-- -----date/time------ path
6 5511168 Jan 01 2003 00:07:10 asa707-k8.bin
7 0 May 15 2008 05:37:16 crypto_archive
8 6161700 May 15 2008 05:40:24 asdm-507.bin
11 8312832 Aug 20 2008 08:51:02 asa722-k8.bin
12 5623108 Aug 20 2008 08:53:04 asdm-522.bin
229728256 bytes available (25698304 bytes used)
Make sure the Version referenced actually exists in the flash memory.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As I mentioned in my question, I have problem only with < privilege 15 users. Therefore I think it has nothing to do with the JAVA version on the client PC, or any missing ASDM / HTTP commands in my ASA. After following the guides by cmonteith and anoopkmr, everything works fine. Thanks!
ASDM ver 1.5(20) cannot be ,it has to be minimu asdm521.bin to support ASA version 7.2(1)
see the url : http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/release/notes/asdmrn.html
did u set the below commad on ASA
asdm image flash:asdm-xxx.bin
if any of the above workwround is not working , then try
Uninstall all copies of java from your machine, google search java 1.4.2 and install that and give it a try.