Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASDM won't authenticate with my ASA 5505.

Posted on 2013-11-21
5
Medium Priority
?
1,847 Views
Last Modified: 2013-11-30
Hello all,

I am having trouble accessing my company's ASA 5505 via the ASDM launcher.  It worked in the past and then one day it didn't.  I've read where updating to Java SE 7 will break the ability to use the ASDM, so I downgraded to Java 6 and the ASDM will attempt to connect now, but now I have a different problem.  It pops up a separate login window asking again for my credentials, but it will not accept them.


Here is the output from the ASDM Java Console:
Java Web Start 1.6.0_18
Using JRE version 1.6.0_18-b07 Java HotSpot(TM) Client VM
User home directory = C:\Users\ckilmer
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
0-5: set trace level to <n>
----------------------------------------------------
ASDM Application Logging Started at Thu Nov 21 16:04:38 CST 2013
---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url = https://198.87.118.1/admin/

Open in new window


The ASDM just keeps asking for my credentials.

Any help would be greatly appreciated.
0
Comment
Question by:CKilmer1975
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 14

Expert Comment

by:binaryevo
ID: 39668648
Have you tried power cycling the Asa.  Sometimes I've found the 5505s can get "stuck".
0
 

Author Comment

by:CKilmer1975
ID: 39669985
Yes, I've power cycled it.  Also, I forgot to mention, I get the same issue trying to log in via a web browser, no matter what browser I use.  It won't even display the page.
0
 

Author Comment

by:CKilmer1975
ID: 39675271
Okay, here is an update.  I've been able to log into the ASA via the ASDM using the credentials that our contracted external Support company uses to log into it.  I still cannot login with my local credentials.  I was able to in the past and nothing has changed on my end.

My user has privilege level 15, and Command Authorization "IS" enabled for the LOCAL Server group which this user is a part of.  "Enable HTTP Server" is also checked for the inside interface.

ASDM version: 5.2(3)
ASA Version: 7.2(3)
0
 

Accepted Solution

by:
CKilmer1975 earned 0 total points
ID: 39676269
Update:  This issue has been resolved by myself.  It turns a change had been made to "AAA Access" without my knowledge.  The original setup was using the LOCAL database for authentication of an admin user but had been changed to authenticating against a tacacs+ server which my admin user did not have an account on.  

Background:  When I started at my company they had been contracting with an external IT support company who provided their systems administration.  Since I started here, they downgraded the external IT company to occasional support when needed as we phase them out completely.  For some unknown reason in the last month they decided to change how AAA Access was accomplished, and didn't think it prudent to let us know they did it.  On the bright side, I learned quite a lot about the ASA 5505 hunting down this resolution.
0
 

Author Closing Comment

by:CKilmer1975
ID: 39686692
I solved this issue on my own.  Changes were made to our ASA 5505 by a contracted IT Support company without my knowledge.  The issue was that the contractor changed 'AAA Access' to use a tacacs+ server for authentication rather than the original LOCAL database setting.  That change locked me out of my own equipment.  Using the contractor's tacacs+ credentials, I was able to log in and change the 'AAA Access' settings back to their original setting.  I was then allowed to login with my own credentials.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question