mail_mave
asked on
Unable to login via ASDM
Hello all,
I am unable to log into my offices ASA 5510 via ASDM, I can only log into the box via a console cable. We have acquired this firewall from our old ISP but now we manage it. However, due to lack of ASDM access my functionality is quite limited.
I have tried all 5 physical ports (including the management) to log in, but to no avail. Please find the config enclosed. I am sure that your expert brains will point me in the right direction.
Cheers,
Mave
PS: x in the config is used to replace a public IP address ;)Asa-Config.txt
I am unable to log into my offices ASA 5510 via ASDM, I can only log into the box via a console cable. We have acquired this firewall from our old ISP but now we manage it. However, due to lack of ASDM access my functionality is quite limited.
I have tried all 5 physical ports (including the management) to log in, but to no avail. Please find the config enclosed. I am sure that your expert brains will point me in the right direction.
Cheers,
Mave
PS: x in the config is used to replace a public IP address ;)Asa-Config.txt
ASKER
Hi,
Yep, 10.0.0.0 /24 is my LAN
I will get back to you on "sh cryp key my rsa ?"
Yep, 10.0.0.0 /24 is my LAN
I will get back to you on "sh cryp key my rsa ?"
@mail_mave,
Looking at the configuration for the Management port below it seems that you can connect to it if you have DHCP enabled on your system setting from where you are connecting.
==========================
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
==========================
Sudeep
Looking at the configuration for the Management port below it seems that you can connect to it if you have DHCP enabled on your system setting from where you are connecting.
==========================
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
==========================
Sudeep
Hi, let me know. It could be you have to (re)generate that key to make it work.
ASKER
@ SSharma
Hi,
DHCP is enabled on the management port, but still unable to access via ASDM.
Hi,
DHCP is enabled on the management port, but still unable to access via ASDM.
ASKER
@erniebeek
"sh cryp key my rsa"
Shows my current RSA key, used for SSL vpn.
But, unfortunately I am still unable to access via ASDM.
When I browse to the ASA via web-bowser, it says :-
1. Certificate error, click continue (not safe) warning...
2. When I click on that, I get a 404 "web page not found"
"sh cryp key my rsa"
Shows my current RSA key, used for SSL vpn.
But, unfortunately I am still unable to access via ASDM.
When I browse to the ASA via web-bowser, it says :-
1. Certificate error, click continue (not safe) warning...
2. When I click on that, I get a 404 "web page not found"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As ernie commented, if you have a very old version, then ASDM is not supported, and you will need to upgrade the asa Firmware first via Tftp
I think that you need at least 8.1 firmware for ASA to use ASDM, but you can check the Cisco site regarding supported versions.
I hope this helps !
I think that you need at least 8.1 firmware for ASA to use ASDM, but you can check the Cisco site regarding supported versions.
I hope this helps !
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One other thought, ASDM requires Java but the older routers wil not work with current Java versions. We use jre-1_5_0_22-windows-i586-
http://www.oracle.com/technetwork/java/archive-139210.html
http://www.oracle.com/technetwork/java/archive-139210.html
ASKER
Thanks for the help guys, it was a wrong image on the ASA
Changed the image to get this working.
Cheers,
AS
Changed the image to get this working.
Cheers,
AS
http server enable
http 10.0.0.0 255.255.255.0 LAN
Is 10.0.0.0/24 the correct LAN range?
What do you see if you issue: sh cryp key my rsa ?