Solved

Cisco ASDM won't authenticate with my ASA 5505.

Posted on 2013-11-21
Last Modified: 2013-11-30
Hello all,

I am having trouble accessing my company's ASA 5505 via the ASDM launcher.  It worked in the past and then one day it didn't.  I've read where updating to Java SE 7 will break the ability to use the ASDM, so I downgraded to Java 6 and the ASDM will attempt to connect now, but now I have a different problem.  It pops up a separate login window asking again for my credentials, but it will not accept them.


Here is the output from the ASDM Java Console:
Java Web Start 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Users\ckilmer
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
ASDM Application Logging Started at Thu Nov 21 16:04:38 CST 2013
---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url = https://198.87.118.1/admin/


The ASDM just keeps asking for my credentials.

Any help would be greatly appreciated.
Question by:CKilmer1975

Expert Comment

by:binaryevo
ID: 39668648
Have you tried power cycling the ASA?  Sometimes I've found the 5505s can get "stuck".

Author Comment

by:CKilmer1975
ID: 39669985
Yes, I've power cycled it.  Also, I forgot to mention, I get the same issue trying to log in via a web browser, no matter what browser I use.  It won't even display the page.

Author Comment

by:CKilmer1975
ID: 39675271
Okay, here is an update.  I've been able to log into the ASA via the ASDM using the credentials that our contracted external Support company uses to log into it.  I still cannot log in with my local credentials.  I was able to in the past and nothing has changed on my end.

My user has privilege level 15, and Command Authorization "IS" enabled for the LOCAL Server group which this user is a part of.  "Enable HTTP Server" is also checked for the inside interface.

ASDM version: 5.2(3)
ASA Version: 7.2(3)

Accepted Solution

by:CKilmer1975
ID: 39676269
Update:  This issue has been resolved by myself.  It turns out a change had been made to "AAA Access" without my knowledge.  The original setup was using the LOCAL database for authentication of an admin user but had been changed to authenticating against a tacacs+ server which my admin user did not have an account on.

Background:  When I started at my company they had been contracting with an external IT support company who provided their systems administration.  Since I started here, they downgraded the external IT company to occasional support when needed as we phase them out completely.  For some unknown reason in the last month they decided to change how AAA Access was accomplished, and didn't think it prudent to let us know they did it.  On the bright side, I learned quite a lot about the ASA 5505 hunting down this resolution.

Author Closing Comment

by:CKilmer1975
ID: 39686692
I solved this issue on my own.  Changes were made to our ASA 5505 by a contracted IT Support company without my knowledge.  The issue was that the contractor changed 'AAA Access' to use a tacacs+ server for authentication rather than the original LOCAL database setting.  That change locked me out of my own equipment.  Using the contractor's tacacs+ credentials, I was able to log in and change the 'AAA Access' settings back to their original setting.  I was then allowed to log in with my own credentials.
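
An added example, not part of the original thread: a small check for the kind of unannounced AAA change described in the accepted solution. It compares the `aaa authentication ... console` lines of a saved baseline config with the current running-config and reports any management channel (http covers ASDM) whose authentication source changed. The sample configs and the server group name TACACS_GRP are constructed for illustration.

```python
import re

# aaa authentication {serial|enable|telnet|ssh|http} console {LOCAL | group [LOCAL]}
AAA_RE = re.compile(
    r"^aaa authentication (serial|enable|telnet|ssh|http) console (\S+)(?: (LOCAL))?\s*$"
)

def parse_aaa(config_text):
    """Map each management channel to (primary method, has LOCAL fallback)."""
    methods = {}
    for line in config_text.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            service, primary, fallback = m.groups()
            methods[service] = (primary, fallback == "LOCAL")
    return methods

def audit(baseline_text, current_text):
    """Return findings for channels whose authentication source changed."""
    base, cur = parse_aaa(baseline_text), parse_aaa(current_text)
    findings = []
    for service in sorted(set(base) | set(cur)):
        old, new = base.get(service), cur.get(service)
        if old == new:
            continue
        note = f"{service}: {old} -> {new}"
        if new and new[0] != "LOCAL":
            # The LOCAL fallback is consulted only when the server group is
            # unreachable; while it answers, local-only accounts are rejected.
            note += " (local-only accounts cannot log in while the server group responds)"
        findings.append(note)
    return findings

# Constructed sample configs; the group name TACACS_GRP is hypothetical.
BASELINE = """\
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
"""
CURRENT = """\
aaa-server TACACS_GRP protocol tacacs+
aaa authentication http console TACACS_GRP LOCAL
aaa authentication ssh console LOCAL
"""

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

Running this against a config backup taken after every approved change turns an undocumented switch from LOCAL to a server group into a visible finding instead of a lockout.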