Solved

Cisco ASDM won't authenticate with my ASA 5505.

Posted on 2013-11-21
5
1,678 Views
Last Modified: 2013-11-30
Hello all,

I am having trouble accessing my company's ASA 5505 via the ASDM launcher.  It worked in the past and then one day it didn't.  I've read where updating to Java SE 7 will break the ability to use the ASDM, so I downgraded to Java 6 and the ASDM will attempt to connect now, but now I have a different problem.  It pops up a separate login window asking again for my credentials, but it will not accept them.


Here is the output from the ASDM Java Console:
Java Web Start 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Users\ckilmer
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
ASDM Application Logging Started at Thu Nov 21 16:04:38 CST 2013
---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url = https://198.87.118.1/admin/

Open in new window


The ASDM just keeps asking for my credentials.

Any help would be greatly appreciated.
0
Comment
Question by:CKilmer1975
  • 4
5 Comments
 
LVL 14

Expert Comment

by:binaryevo
Comment Utility
Have you tried power cycling the Asa.  Sometimes I've found the 5505s can get "stuck".
0
 

Author Comment

by:CKilmer1975
Comment Utility
Yes, I've power cycled it.  Also, I forgot to mention, I get the same issue trying to log in via a web browser, no matter what browser I use.  It won't even display the page.
0
 

Author Comment

by:CKilmer1975
Comment Utility
Okay, here is an update.  I've been able to log into the ASA via the ASDM using the credentials that our contracted external Support company uses to log into it.  I still cannot login with my local credentials.  I was able to in the past and nothing has changed on my end.

My user has privilege level 15, and Command Authorization "IS" enabled for the LOCAL Server group which this user is a part of.  "Enable HTTP Server" is also checked for the inside interface.

ASDM version: 5.2(3)
ASA Version: 7.2(3)
0
 

Accepted Solution

by:
CKilmer1975 earned 0 total points
Comment Utility
Update:  This issue has been resolved by myself.  It turns a change had been made to "AAA Access" without my knowledge.  The original setup was using the LOCAL database for authentication of an admin user but had been changed to authenticating against a tacacs+ server which my admin user did not have an account on.  

Background:  When I started at my company they had been contracting with an external IT support company who provided their systems administration.  Since I started here, they downgraded the external IT company to occasional support when needed as we phase them out completely.  For some unknown reason in the last month they decided to change how AAA Access was accomplished, and didn't think it prudent to let us know they did it.  On the bright side, I learned quite a lot about the ASA 5505 hunting down this resolution.
0
 

Author Closing Comment

by:CKilmer1975
Comment Utility
I solved this issue on my own.  Changes were made to our ASA 5505 by a contracted IT Support company without my knowledge.  The issue was that the contractor changed 'AAA Access' to use a tacacs+ server for authentication rather than the original LOCAL database setting.  That change locked me out of my own equipment.  Using the contractor's tacacs+ credentials, I was able to log in and change the 'AAA Access' settings back to their original setting.  I was then allowed to login with my own credentials.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now