tabush
asked on
Help enabling http access for Cisco ASA - (ET)
I'm having trouble enabling http on my Cisco ASA. I am trying to do this so i can download and use the Cisco ASDM.
You'll see in the screenshot i already ran
http server enable
http 192.168.1.0 255.255.255.0 inside
however when i try try to browse to my device the page still wont open.
I tried browsing to it using the following
http://192.168.1.1
https://192.168.1.1
http://192.168.1.1/admin
https://192.168.1.1/admin
None of these are working.
You'll see in the screenshot i already ran
http server enable
http 192.168.1.0 255.255.255.0 inside
however when i try try to browse to my device the page still wont open.
I tried browsing to it using the following
http://192.168.1.1
https://192.168.1.1
http://192.168.1.1/admin
https://192.168.1.1/admin
None of these are working.
Do you have asdm image specified?
ASKER
Not that i'm aware of. What's that for and how to i set that?
Do "sh run | i asdm". If nothing comes up, check flash for asdm image "sh flash" and then configure it with "asdm image disk0:/asdm-xxx.bin".
I also see aaa only for ssh. You will need one https too.
aaa authentication http console LOCAL
aaa authentication http console LOCAL
I see your SNMP info points to a host on 192.168.1.0/24. Can we assume that the internal/private subnet that you're trying to access the ASDM on is actually on the 192.168.1.0/24 as well?
MO
MO
Hi,
You are missing a very useful wivered syntax in ASA always you have apply this Syntax in Policy unless and untill you define in policy you will not be able to access http Server whereas in Router it works with the given syntax .So,plz follow these steps in order to Access http Server.
ASA(Config-t) #Policy-Map Global_policy
ASA(Config-t)#class inspection_default
ASA(Config-t)#Inspect http
It should work if you apply this Syntax on ASA Configuration Mode.
You are missing a very useful wivered syntax in ASA always you have apply this Syntax in Policy unless and untill you define in policy you will not be able to access http Server whereas in Router it works with the given syntax .So,plz follow these steps in order to Access http Server.
ASA(Config-t) #Policy-Map Global_policy
ASA(Config-t)#class inspection_default
ASA(Config-t)#Inspect http
It should work if you apply this Syntax on ASA Configuration Mode.
http inspection does not have to be on, to access the ASDM?
heres. mine
And the ASDM works fine?
P
heres. mine
PetesASA# show run policy-map
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect ipsec-pass-thru
inspect ip-options
inspect pptp
class class-default
set connection decrement-ttl
!
And the ASDM works fine?
P
Service policies and ACLs (with one exception) on ASA are for the pass through traffic. The traffic directed at ASA itself isn't filtered by them. One exception to ACLs is the keyword "control-plane" which allows to filter control-plane traffic destined to ASA.
ASKER
Thanks everyone for your answers. I am still having trouble though.
@sim50. Yes it does look like it was enabled. See screenshot. Not sure if "no asdm history enabled" is an issue.
I also ran this command however dont think helped: aaa authentication http console LOCAL
Or is there a different command i should run for enabling https?
@michael. Yes i am trying to connect from a computer in that subnet.
@Feroz. I ran the first 2 commands however i'm hesitant to run the third because i dont know what affect it will have on my network.
@sim50. Yes it does look like it was enabled. See screenshot. Not sure if "no asdm history enabled" is an issue.
I also ran this command however dont think helped: aaa authentication http console LOCAL
Or is there a different command i should run for enabling https?
@michael. Yes i am trying to connect from a computer in that subnet.
@Feroz. I ran the first 2 commands however i'm hesitant to run the third because i dont know what affect it will have on my network.
What page do you get when you go to https://192.168.1.1?
What's your current version on ASA? sh ver
ASDM 5.22 is very old.
aaa authentication http console LOCAL - this configures authentication so you could login with the local user name/pw.
What's your current version on ASA? sh ver
ASDM 5.22 is very old.
aaa authentication http console LOCAL - this configures authentication so you could login with the local user name/pw.
ASKER
Software version 8.2 (5) 59
I get "this webpage cannot be found" from IE.
Chrome says "404 Not Found. The requested URL /admin/public/index.html was not found on this server."
I get "this webpage cannot be found" from IE.
Chrome says "404 Not Found. The requested URL /admin/public/index.html was not found on this server."
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@tabush,
You should update the System and ASDM software. That version is quite old. Can you serial into the device and update the software via TFTP?
MO
You should update the System and ASDM software. That version is quite old. Can you serial into the device and update the software via TFTP?
MO
ASKER
thank you.
That might be the only option however we're going to leave it on the current version. We're planning on replacing it very soon and dont want to make any big changes before we do so.
That might be the only option however we're going to leave it on the current version. We're planning on replacing it very soon and dont want to make any big changes before we do so.
You don't need to upgrade ASA image, just ASDM image. ASA image upgrade is optional.
ASKER
Are you able to attach that image file to this thread? This device doesnt have an active license with cisco so cannot login and download it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Dear Tabush,
Try to reset the rsa keys, and test again.
Also it will be great if you provide me with show run all output.
Regards,
Muhannad
Try to reset the rsa keys, and test again.
Also it will be great if you provide me with show run all output.
Regards,
Muhannad
ASKER
thank you for your help