Jason Yu
asked on
How to reset the password for Cisco ASDM tool
I have a cisco ASA5505 firewall. I can ssh to it and enter executive mode without problem. But when I run Cisco ASDM tool and want to connect to it, it doesn't let me connect.
Which username I should use for this GUI tool and how to reset the password?
thanks.
Which username I should use for this GUI tool and how to reset the password?
thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
sorry, it's in the unprivilege mode to run the above command.
Got another prompt as follows:
BFD-PIX505(config)# http 10.10.4.39 255.255.252.0
ERROR: entry for address/mask = 10.10.4.39/255.255.252.0 exists
BFD-PIX505(config)#
Got another prompt as follows:
BFD-PIX505(config)# http 10.10.4.39 255.255.252.0
ERROR: entry for address/mask = 10.10.4.39/255.255.252.0 exists
BFD-PIX505(config)#
ASKER
I got the error "Unable to launch device manger from 10.10.4.39"
Please see the attachment.
pix-5505-error.png
Please see the attachment.
pix-5505-error.png
ASKER
BFD-PIX505(config)# http server enable
BFD-PIX505(config)# http 10.10.4.39 255.255.255.255 inside
BFD-PIX505(config)# crypto key generate rsa modulus 1024
Invalid keyword: "key"
BFD-PIX505(config)# crypto keygenerate rsa modulus 1024
Invalid keyword: "keygenerate"
BFD-PIX505(config)#
BFD-PIX505(config)# http 10.10.4.39 255.255.255.255 inside
BFD-PIX505(config)# crypto key generate rsa modulus 1024
Invalid keyword: "key"
BFD-PIX505(config)# crypto keygenerate rsa modulus 1024
Invalid keyword: "keygenerate"
BFD-PIX505(config)#
Can you check if a compatible ASDM image is on the flash?
show asdm image
show asdm image
ASKER
BFD-PIX505(config)# write mem
Building configuration...
Cryptochecksum: fbd3efd9 f11844e1 ffd12557 660b5a6d
[OK]
BFD-PIX505(config)# clear arp
BFD-PIX505(config)# show asdm image
Type help or '?' for a list of available commands.
BFD-PIX505(config)#
It looks like not.
Building configuration...
Cryptochecksum: fbd3efd9 f11844e1 ffd12557 660b5a6d
[OK]
BFD-PIX505(config)# clear arp
BFD-PIX505(config)# show asdm image
Type help or '?' for a list of available commands.
BFD-PIX505(config)#
It looks like not.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
BFD-PIX505(config)# show flash
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1966136
file 1: origin: 2621440 length:5643
file 2: origin: 2752512 length:1923
file 3: origin: 0 length:0
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
BFD-PIX505(config)#
flash file system: version:3 magic:0x12345679
file 0: origin: 0 length:1966136
file 1: origin: 2621440 length:5643
file 2: origin: 2752512 length:1923
file 3: origin: 0 length:0
file 4: origin: 0 length:0
file 5: origin: 8257536 length:308
BFD-PIX505(config)#
ASKER
on my another firewall, it shows this kind of results:
pix515e(config)# show flash
Directory of flash:/
4 -rw- 1894 07:27:21 Nov 04 2005 downgrade.cfg
7 -rw- 6514852 10:24:16 Nov 15 2008 asdm-524.bin
11 -rw- 8515584 08:55:19 Nov 15 2008 pix724.bin
16128000 bytes total (1042432 bytes free)
pix515e(config)#
pix515e(config)# show asdm image
Device Manager image file, flash:/asdm-524.bin
pix515e(config)#
pix515e(config)# show flash
Directory of flash:/
4 -rw- 1894 07:27:21 Nov 04 2005 downgrade.cfg
7 -rw- 6514852 10:24:16 Nov 15 2008 asdm-524.bin
11 -rw- 8515584 08:55:19 Nov 15 2008 pix724.bin
16128000 bytes total (1042432 bytes free)
pix515e(config)#
pix515e(config)# show asdm image
Device Manager image file, flash:/asdm-524.bin
pix515e(config)#
Looks like you may need to upgrade the firmware and/or load the ASDM image to the ASA. This article might help you:
https://supportforums.cisco.com/thread/2104720
https://supportforums.cisco.com/thread/2104720
ASKER
Is my ASA OS version 6.3(4)? Do I need upgrade this ASA OS first? Based on this link, http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html, this version is even not listed there. Please advise, thank you.
BFD-PIX505(config)# show version
Cisco PIX Firewall Version 6.3(4)
Compiled on Fri 02-Jul-04 00:07 by morlee
BFD-PIX505 up 2 years 256 days
Hardware: PIX-506, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0005.328f.e95a, irq 11
1: ethernet1: address is 0005.328f.e95b, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Limited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 405122436 (0x1825ad84)
Running Activation Key: 0x11bdfd23 0x6e3e9df3 0xa902d125 0xd8848fb9
Configuration last modified by enable_15 at 17:58:45.688 UTC Mon Dec 23 2013
BFD-PIX505(config)#
BFD-PIX505(config)# show version
Cisco PIX Firewall Version 6.3(4)
Compiled on Fri 02-Jul-04 00:07 by morlee
BFD-PIX505 up 2 years 256 days
Hardware: PIX-506, 32 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0005.328f.e95a, irq 11
1: ethernet1: address is 0005.328f.e95b, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Limited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
Serial Number: 405122436 (0x1825ad84)
Running Activation Key: 0x11bdfd23 0x6e3e9df3 0xa902d125 0xd8848fb9
Configuration last modified by enable_15 at 17:58:45.688 UTC Mon Dec 23 2013
BFD-PIX505(config)#
It looks like you have a PIX 506 with only 32 meg of ram. ASDM isn't supported according to the Cisco link:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml
ASKER
Is there a way to increase the ram inside this device?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi, PeterLong:
You are absolutely right! After I checked this ASA model number in the server room, I found it's indeedly a PIX 506 device. It was up for 2 years on the backup network.
Luckily, I have an extra ASA 5505 device as a spare one on my desk. If you think this ASA 5505 is higher than the 506 one, I am gonna to replace the 506 one.
Could I export policies from 506 and import them into 5505?
Please advise a replacement solution. Thank you.
You are absolutely right! After I checked this ASA model number in the server room, I found it's indeedly a PIX 506 device. It was up for 2 years on the backup network.
Luckily, I have an extra ASA 5505 device as a spare one on my desk. If you think this ASA 5505 is higher than the 506 one, I am gonna to replace the 506 one.
Could I export policies from 506 and import them into 5505?
Please advise a replacement solution. Thank you.
ASKER
I have another working firewall in my production env, it has OS 7.2(4), could I download that pix724.bin file to the tftp server? IF I can get the file then I can upload it to the pix 505.
pix515e# show version
Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "flash:/pix724.bin"
Config file at boot was "startup-config"
pix515e up 21 days 10 hours
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0015.c64f.166a, irq 10
1: Ext: Ethernet1 : address is 0015.c64f.166b, irq 11
2: Ext: Ethernet2 : address is 000e.0c84.04bf, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: 809390681
Running Activation Key: 0xdd36cf65 0xac62cc4a 0x3402e1bc 0x8e2c3440 0xca05019a
Configuration last modified by admin at 15:30:06.305 PST Thu Dec 12 2013
pix515e# show flash
Directory of flash:/
4 -rw- 1894 07:27:21 Nov 04 2005 downgrade.cfg
7 -rw- 6514852 10:24:16 Nov 15 2008 asdm-524.bin
11 -rw- 8515584 08:55:19 Nov 15 2008 pix724.bin
16128000 bytes total (1042432 bytes free)
pix515e#
pix515e# show version
Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "flash:/pix724.bin"
Config file at boot was "startup-config"
pix515e up 21 days 10 hours
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 0015.c64f.166a, irq 10
1: Ext: Ethernet1 : address is 0015.c64f.166b, irq 11
2: Ext: Ethernet2 : address is 000e.0c84.04bf, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 3
Maximum VLANs : 10
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has a Restricted (R) license.
Serial Number: 809390681
Running Activation Key: 0xdd36cf65 0xac62cc4a 0x3402e1bc 0x8e2c3440 0xca05019a
Configuration last modified by admin at 15:30:06.305 PST Thu Dec 12 2013
pix515e# show flash
Directory of flash:/
4 -rw- 1894 07:27:21 Nov 04 2005 downgrade.cfg
7 -rw- 6514852 10:24:16 Nov 15 2008 asdm-524.bin
11 -rw- 8515584 08:55:19 Nov 15 2008 pix724.bin
16128000 bytes total (1042432 bytes free)
pix515e#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you guys very much! May you nice guys and your families have a wonderful Christmas !
ASKER
I am configuring the spared ASA 5505 and will replace the old PIX 506. How could I check the existing license information on the ASA5505 and PIX506. thanks.
Use the "show version" command. I can't remember the output on the Pix, but the line on the ASA reads "Inside hosts", and either 10, 50 or unlimited.
ASKER
hostname(config)# http source_IP_address mask source_interface
BFD-PIX505> http 10.10.4.39 255.255.252.0
Type help or '?' for a list of available commands.
BFD-PIX505> http 10.10.4.39 255.255.252.0 10.10.4.39
Type help or '?' for a list of available commands.
BFD-PIX505>