Getting ASDM working on ASA5505

hey guys, i am tring to get the ASDM working on my ASA firewall.  

Having some issues for some reason.

here is my config.

ciscoasa# sh run
: Saved
ASA Version 8.4(1)
hostname ciscoasa
enable password*** encrypted
passwd *** encrypted
interface Vlan1
 nameif inside
 security-level 100
 ip address dhcp
interface Vlan2
 nameif outside
 security-level 0
 no ip address
interface Ethernet0/0
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
object network obj_any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
object network obj_any
 nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0

dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
service-policy global_policy global
prompt hostname context
: end

System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Vlan1                    inside          DHCP
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method
Vlan1                    inside          DHCP

ciscoasa# sh interface ip br
Interface                  IP-Address      OK? Method Status                Protocol
Internal-Data0/0           unassigned      YES unset  up                    up
Internal-Data0/1           unassigned      YES unset  up                    up
Vlan1               YES DHCP   up                    up
Vlan2                      unassigned      YES unset  down                  down
Virtual0                YES unset  up                    up
Ethernet0/0                unassigned      YES unset  up                    up
Ethernet0/1                unassigned      YES unset  down                  down
Ethernet0/2                unassigned      YES unset  down                  down
Ethernet0/3                unassigned      YES unset  down                  down
Ethernet0/4                unassigned      YES unset  down                  down
Ethernet0/5                unassigned      YES unset  down                  down
Ethernet0/6                unassigned      YES unset  down                  down
Ethernet0/7                unassigned      YES unset  down                  down

I am running ASA841-k8.bin
i have asdm-641.bin
Who is Participating?
Cyclops3590Connect With a Mentor Commented:
while i research that, I came across this url where you can get a free 3des/aes license.  might want to try that.
first tftp an asdm image to the asa (looks like you already did that)

then run the following commands

http server enable
http inside
asdm image flash:/asdm-641.bin

that should enable any clients from inside network to have access to ASDM configuration
btw, i'd make the inside IP static for one.  so when you go to it doesn't come up with anything?
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

sterudpaAuthor Commented:
that did not work.

i can ping the
i did a port scan and it is up, and it can see port 443

i did a wireshark capture and i am getting a "Handshake failure"
sterudpaAuthor Commented:
37      16.990504      TLSv1      61      Alert (Level: Fatal, Description: Handshake Failure)
that's odd.  handshake denotes its failing during SSL negotiation. perhaps client doesn't like options it has with what the asa is offering

try the following or attempt a different browser (what are you using anyway?)

ssl encryption aes256-sha1
sterudpaAuthor Commented:
i get this error:

The 3DES/AES algorithms require a VPN-3DES-AES activation key.
hmmm.  because what I'm thinking is going on here is that single des is used for the cert and the client is rejecting it due to its insecure nature thus a handshake can't be formed since the asa can't do any of the options the client will accept.

which browser are you running?  we may need to lower the browser security to allow it to communicate to the asa
sterudpaAuthor Commented:
using ie 8
also, see if firefox brings it up.
sterudpaAuthor Commented:
that was fantastic!  this link for the key was the winner!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.