Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Course Of The Month
7 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Unable to login to the web interface of CSC SSM-10 Secuirity Module on my ASA 5510
Posted on 2013-05-24
I have a Cisco ASA 5510 with the ASA-SSM-CSC-10-K9 Security Services Module. I can successfully logon to the ASA from both the CLI and the ASDM. I can successfully logon to the CSC SSM-10 using the CLI interface & the ASDM.
I CANNOT logon to the CSC SSM-10 web management interface. I see the logon page with no problems however when I enter my CSC SSM-10 password (which works fine from the CLI and the ASDM) it simply returns to the logon page as if I have entered an incorrect password. My understanding is that the CSC SSM-10 password should be the same whether I'm using the CLI, ASDM or web management interface. My subscription has expired however I should still be able to use the device with the knowledge that signatures will not be updated.
As a side note the CSC SSM-10 module is displaying some odd behavior. When I change a value in the CSC SSM-10 module using the CLI OR the ASDM I can successfully enter new values but then when I refresh the interface the old values are still there. This is the output that I am seeing:
cp: unable to remove `/etc/network.conf': Read-only file system
cp: unable to remove `/etc/network.conf': Read-only file system
cp: unable to remove `/etc/network.conf': Read-only file system
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
keytool error: java.lang.Exception: Key pair not generated, alias <tomcat> already exists
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
chmod: /opt/trend/isvw/config/mai
chown: /opt/trend/isvw/config/mai
Applying network settings ...
I CANNOT logon to the CSC SSM-10 web management interface. I see the logon page with no problems however when I enter my CSC SSM-10 password (which works fine from the CLI and the ASDM) it simply returns to the logon page as if I have entered an incorrect password. My understanding is that the CSC SSM-10 password should be the same whether I'm using the CLI, ASDM or web management interface. My subscription has expired however I should still be able to use the device with the knowledge that signatures will not be updated.
As a side note the CSC SSM-10 module is displaying some odd behavior. When I change a value in the CSC SSM-10 module using the CLI OR the ASDM I can successfully enter new values but then when I refresh the interface the old values are still there. This is the output that I am seeing:
cp: unable to remove `/etc/network.conf': Read-only file system
cp: unable to remove `/etc/network.conf': Read-only file system
cp: unable to remove `/etc/network.conf': Read-only file system
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
/opt/trend/isvw/bin/setup.
keytool error: java.lang.Exception: Key pair not generated, alias <tomcat> already exists
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/ma
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
cp: unable to remove `/opt/trend/isvw/config/we
chmod: /opt/trend/isvw/config/mai
chown: /opt/trend/isvw/config/mai
Applying network settings ...
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
4
8 Comments
Active today
Pls see this
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc8.html#wp1046652
Cannot Log On
You specified an administrator password when you installed Trend Micro InterScan for Cisco CSC SSM with the Setup Wizard. You must use the password you created during installation to log in, which is not the same password that you use to access ASDM. Passwords are case-sensitive; be sure you have entered the characters correctly.
Another is to first use the show module, show module 1, and show module 1 details commands to verify that the CSC SSM has been activated successfully.
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc8.html#wp1091896
Enter the following command to view the status of the SSM card:
hostname(config)# show module 1
Enter the following command to view the state for each individual process:
hostname(config)# show module 1 details
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc8.html#wp1046652
Cannot Log On
You specified an administrator password when you installed Trend Micro InterScan for Cisco CSC SSM with the Setup Wizard. You must use the password you created during installation to log in, which is not the same password that you use to access ASDM. Passwords are case-sensitive; be sure you have entered the characters correctly.
Another is to first use the show module, show module 1, and show module 1 details commands to verify that the CSC SSM has been activated successfully.
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc8.html#wp1091896
Enter the following command to view the status of the SSM card:
hostname(config)# show module 1
Enter the following command to view the state for each individual process:
hostname(config)# show module 1 details
Please read my post carefully. There are 3 methods with which you can access the SSM-10. Through Telnet (CLI), the ASDM or the web management interface. I CAN log on to the SSM-10 using 2 of them (CLI and the ASSM). I cannot log on using the web interface. No where in the documentation do I read anything that would suggest that the web management interface has a different login than the CLI OR ASDM.
Active today
noted - maybe useful if fiddler web proxy is set up to see if the http req / resp packet capture as you try to login from the browser. quick try is using different browser (FF, IE, Chrome) too. also another suspicions is the SSL transaction and server certificate for the login (https) page
Thanks for your prompt reply. I have previously tried all of your suggestions with no success. Why, after making simple changes to the configuration are they not being saved? Please remember that the only way I can make changes is by successfully being logged on to the SSM-10 (through the CLI)
Active today
thanks for sharing. Looks like the log is most alluding to Trend Micro repository ...
I was drilling to find more CSC SSM relevant info as below and it may render the need to escalate to Cisco TAC since you cover most ground fact findings. There is a diagram (fig 64-2) in the link below of recommended dedicated mgmt lan
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_csc.html
Likewise on the section on "connecting to CSC SSM" which you may already know
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_csc.html#wp1118815
The CSC SSM has a password that is maintained separately from the ASDM password. You can configure the two passwords to be identical, but changing the CSC SSM password does not affect the ASDM password.
I was thinking of resetting port access (though I know you can access CSC SSM via ADSM) which you may also have done too...
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1069518
I was drilling to find more CSC SSM relevant info as below and it may render the need to escalate to Cisco TAC since you cover most ground fact findings. There is a diagram (fig 64-2) in the link below of recommended dedicated mgmt lan
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_csc.html
Likewise on the section on "connecting to CSC SSM" which you may already know
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/modules_csc.html#wp1118815
The CSC SSM has a password that is maintained separately from the ASDM password. You can configure the two passwords to be identical, but changing the CSC SSM password does not affect the ASDM password.
I was thinking of resetting port access (though I know you can access CSC SSM via ADSM) which you may also have done too...
http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/cscappb.html#wp1069518
Your research into this issue seems very thorough. Unfortunately I have tried all of the recommended solutions listed above to no avail. At this point in time I am thinking that I have a hardware failure of some type.
Thanks for your help
Thanks for your help
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to thoā¦
Both in life and business ā not all partnerships are created equal.
As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties ā¦
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This videā¦
- Document Management
- Printers and Scanners
- Document Imaging
- Software-Other
- Images and Photos
- Adobe Acrobat, Photos / Graphics Software, Security, OCR, *PDF
Suggested Courses
Course of the Month7 days, 15 hours left to enroll
729 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.