Solved

Cisco ASDM won't authenticate with my ASA 5505.

Posted on 2013-11-21
5
1,773 Views
Last Modified: 2013-11-30
Hello all,

I am having trouble accessing my company's ASA 5505 via the ASDM launcher.  It worked in the past and then one day it didn't.  I've read where updating to Java SE 7 will break the ability to use the ASDM, so I downgraded to Java 6 and the ASDM will attempt to connect now, but now I have a different problem.  It pops up a separate login window asking again for my credentials, but it will not accept them.


Here is the output from the ASDM Java Console:
Java Web Start 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Users\ckilmer
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
ASDM Application Logging Started at Thu Nov 21 16:04:38 CST 2013
---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url = https://198.87.118.1/admin/

Open in new window


The ASDM just keeps asking for my credentials.

Any help would be greatly appreciated.
0
Comment
Question by:CKilmer1975
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 14

Expert Comment

by:binaryevo
ID: 39668648
Have you tried power cycling the Asa.  Sometimes I've found the 5505s can get "stuck".
0
 

Author Comment

by:CKilmer1975
ID: 39669985
Yes, I've power cycled it.  Also, I forgot to mention, I get the same issue trying to log in via a web browser, no matter what browser I use.  It won't even display the page.
0
 

Author Comment

by:CKilmer1975
ID: 39675271
Okay, here is an update.  I've been able to log into the ASA via the ASDM using the credentials that our contracted external Support company uses to log into it.  I still cannot login with my local credentials.  I was able to in the past and nothing has changed on my end.

My user has privilege level 15, and Command Authorization "IS" enabled for the LOCAL Server group which this user is a part of.  "Enable HTTP Server" is also checked for the inside interface.

ASDM version: 5.2(3)
ASA Version: 7.2(3)
0
 

Accepted Solution

by:
CKilmer1975 earned 0 total points
ID: 39676269
Update:  This issue has been resolved by myself.  It turns a change had been made to "AAA Access" without my knowledge.  The original setup was using the LOCAL database for authentication of an admin user but had been changed to authenticating against a tacacs+ server which my admin user did not have an account on.  

Background:  When I started at my company they had been contracting with an external IT support company who provided their systems administration.  Since I started here, they downgraded the external IT company to occasional support when needed as we phase them out completely.  For some unknown reason in the last month they decided to change how AAA Access was accomplished, and didn't think it prudent to let us know they did it.  On the bright side, I learned quite a lot about the ASA 5505 hunting down this resolution.
0
 

Author Closing Comment

by:CKilmer1975
ID: 39686692
I solved this issue on my own.  Changes were made to our ASA 5505 by a contracted IT Support company without my knowledge.  The issue was that the contractor changed 'AAA Access' to use a tacacs+ server for authentication rather than the original LOCAL database setting.  That change locked me out of my own equipment.  Using the contractor's tacacs+ credentials, I was able to log in and change the 'AAA Access' settings back to their original setting.  I was then allowed to login with my own credentials.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question