How to solve the issue between ASDM and SSL connection with one JAVA in ASA?

HI Expert, it took some time for me to configure SSL vpn connection successfully. The reason is that I changed java version from 6 to 7. However after I changed it to 7, ASDM cannot work under the version 7. If I change back to version6, SSL vpn connection will be down. How to solve the issue ? Thank you
eemoonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AkinsdNetwork AdministratorCommented:
Not sure how the java version affects the VPN tunnell and won't mind if you can explain that.
Naturally, java just provides a platform to connect ASDM to the firewall and is not part of the IOS. Moreso, VPN tunnell has nothing to do with java.

With that said, you may need to change the security level on your java to allow ASMD to work

Also, add the url of the ASA to the approved sites
Lastly, import the certificate from the ASA into the trusted sites in java

For version 7
- go to control panel, open java, navigate to the security tab, then lower the security to medium. Option to lower security is not available in version 8 so that requires the 2nd option below
Version 7aVersion 7Alternatively, add the url of the ASA to the site list in addition to import the ASA certificate into the trusted site list
This is your only option for version 8
Version  8aVersion  8bVersion  8c
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig BeckCommented:
Just use compatibility mode in your browser.
0
btanExec ConsultantCommented:
remember to import the Cisco certificate, see further steps in link
When using some versions of Java, such as Version 7 update 51, the ASDM Launcher requires a trusted certificate. An easy approach to fulfill the certificate requirements is to generate a self-signed identity certificate and to configure the ASA to use it when establishing an SSL connection. After you generate the identity certificate and configure the ASA, you need to register it with the Java Control Panel on your computer.

For the ASA 5506-X, 5508-X, or 5516-X with an ASA FirePOWER module, you can use ASDM for module management. In this case, you must create two identity certificates: one for the ASA and one for the module.
http://www.cisco.com/c/en/us/td/docs/security/asdm/identity-cert/cert-install.html
More on the workarounds in ADSM 7.1(x) release notes - http://www.cisco.com/c/en/us/td/docs/security/asdm/7_1/release/notes/rn71.html#wp516584

also as same machine may be used to manage multiple ASA and the browser cache itself may trigger the issue, so In Java Control Panel's General tab sheet, there is the Temporary Internet Files. Typically removing all temp files will result in better functionality.
0
eemoonAuthor Commented:
After downgrading to java6 and did some config based on what you said, ASDM begin to work. the client already is installed there. So just clicked it. It can work now. Thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.