Getting ASDM working on ASA5505

hey guys, i am tring to get the ASDM working on my ASA firewall.  

Having some issues for some reason.

here is my config.

ciscoasa# sh run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
enable password*** encrypted
passwd *** encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address dhcp
!
interface Vlan2
 nameif outside
 security-level 0
 no ip address
!
interface Ethernet0/0
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network obj_any
 nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:5fd847168f67806b7fb4291a3cf74eb7
: end
ciscoasa#


System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Vlan1                    inside                 192.168.1.127   255.255.255.0   DHCP
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Vlan1                    inside                 192.168.1.127   255.255.255.0   DHCP


ciscoasa# sh interface ip br
Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up
Internal-Data0/1           unassigned      YES unset  up                    up
Vlan1                      192.168.1.127   YES DHCP   up                    up
Vlan2                      unassigned      YES unset  down                  down
Virtual0                   127.0.0.1       YES unset  up                    up
Ethernet0/0                unassigned      YES unset  up                    up
Ethernet0/1                unassigned      YES unset  down                  down
Ethernet0/2                unassigned      YES unset  down                  down
Ethernet0/3                unassigned      YES unset  down                  down
Ethernet0/4                unassigned      YES unset  down                  down
Ethernet0/5                unassigned      YES unset  down                  down
Ethernet0/6                unassigned      YES unset  down                  down
Ethernet0/7                unassigned      YES unset  down                  down


I am running ASA841-k8.bin
i have asdm-641.bin
LVL 1
sterudpaAsked:
Who is Participating?
 
Cyclops3590Connect With a Mentor Commented:
while i research that, I came across this url where you can get a free 3des/aes license.  might want to try that.

https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=139
0
 
Cyclops3590Commented:
first tftp an asdm image to the asa (looks like you already did that)

then run the following commands

http server enable
http 0.0.0.0 0.0.0.0 inside
asdm image flash:/asdm-641.bin

that should enable any clients from inside network to have access to ASDM configuration
0
 
Cyclops3590Commented:
btw, i'd make the inside IP static for one.  so when you go to https://192.168.1.127/ it doesn't come up with anything?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
sterudpaAuthor Commented:
that did not work.

i can ping the 192.168.1.127
i did a port scan and it is up, and it can see port 443

i did a wireshark capture and i am getting a "Handshake failure"
0
 
sterudpaAuthor Commented:
37      16.990504      192.168.1.127      192.168.1.12      TLSv1      61      Alert (Level: Fatal, Description: Handshake Failure)
0
 
Cyclops3590Commented:
that's odd.  handshake denotes its failing during SSL negotiation. perhaps client doesn't like options it has with what the asa is offering

try the following or attempt a different browser (what are you using anyway?)

ssl encryption aes256-sha1
0
 
sterudpaAuthor Commented:
i get this error:

The 3DES/AES algorithms require a VPN-3DES-AES activation key.
0
 
Cyclops3590Commented:
hmmm.  because what I'm thinking is going on here is that single des is used for the cert and the client is rejecting it due to its insecure nature thus a handshake can't be formed since the asa can't do any of the options the client will accept.

which browser are you running?  we may need to lower the browser security to allow it to communicate to the asa
0
 
sterudpaAuthor Commented:
using ie 8
0
 
Cyclops3590Commented:
also, see if firefox brings it up.
0
 
sterudpaAuthor Commented:
that was fantastic!  this link for the key was the winner!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.