Solved

Cisco ASA 5505 - Unable to access ASDM

Posted on 2013-12-02
4
10,672 Views
Last Modified: 2013-12-04
I've got a cisco asa 5505, running ASA version 9.1.3 and ASDM version 7.1.4. I've issued "write erase" reload the device, then issue "config factory-default". I save the config using "wr" and reload again.

I am unable for the life of me to login to the ASDM using a blank username and password.

I've tried to create a user with level 15 privileges, and login that way, but it's not working either.

I found on cisco's website: http://www.cisco.com/en/US/docs/security/asdm/7_1/release/notes/rn71.html

ASDM login issue in 9.1(3) and later—You can no longer log into ASDM with no username and the enable password. You must configure ASDM AAA authentication (Configuration > Device Management > Users/AAA > AAA Access > Authentication and associated username configuration) and/or ASDM certificate authentication (Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH). Before you upgrade to 9.1(3), be sure to configure one of these authentication methods. (CSCuj50862)

How am I supposed to do that if I can't access the asdm?

Any ideas??
0
Comment
Question by:Wetjet
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39692078
After creating the user, did you also add something like:

http server enable
http 192.168.1.0 255.255.255.0 inside
0
 
LVL 16

Accepted Solution

by:
InteraX earned 500 total points
ID: 39692961
Once you've done all of the abopve, enter the following on the command line. This will enable user based authentication for all interactive management. The LOCAL refers to the local database which is where users you create on the command line are created.

aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
0
 

Author Comment

by:Wetjet
ID: 39693293
I did add the lines:

http server enable
http 192.168.1.0 255.255.255.0 inside


But I hadn't added:

aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL


After doing so, I'm able to log in.

Thank you InteraX!
0
 
LVL 16

Expert Comment

by:InteraX
ID: 39694975
TBH, the only command you needed to get local user authentication working was

aaa authentication http console LOCAL

The other commands setup local user authentication for ssh, telnet, serial types of access and also will require the user password for moving into enable mode from the command line.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question