I have a problem with ASDM connection to ASA 5520 cluster. When I'm trying to connect the ASDM shows: "Contacting the device. Please wait..." and nothing happen. The http server is enabled with default port. Both cluster members after restart.
Cisco Adaptive Security Appliance Software Version 8.4(1) Device Manager Version 6.4(1)
I am creating access rule on a ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) and found that the GUI has less option then when creating access rule on a ASA5505 running ASA 7.2 (3) and ASDM 5.2(3) (see attachment). Is there an option that enables me to get the same configuration options on the ASA5520 running ASA 8.2 (1) and ASDM 6.2(1) as I have on the ASA5505 running ASA 7.2 (3) and ASDM 5.2(3).
View 4 Replies View RelatedWe are running a ASA5520 with system image of "disk0:/asa843-k8.bin". I'm also running ASDM ver: 6.4(7)So my question is while I'm in the ASDM on the configuration of the firewall, I'm looking at the Access Rules. When I do a show log on any of the rules that have hit counts on them, it opens up a Real-Time Log Viewer but I don't see any information. It's not showing anything, nothing appears, it just sit's there like it's waiting but no data is coming. Even though if I go back out to all the rules, I can see the hit count incrementing. The same thing happens no matter which rule I pick with hit counts on them.
View 1 Replies View Relatedwe have an ASA5520 need upgrade new anyconnect client, but the new version is too big, so it's no enough space. I want to delete the ASDM image to free the more space. My question is when I delete the ASDM image,if I could manage the ASA from web browser?
View 5 Replies View RelatedI have a 5520 ASA running 8.2(1) and ASDM 6.2(1). The ASA has been running for 223 days without issue. Today it stopped showing real time status on the Device Dashboard from within ASDM. All of the graphs state "Lost connection to Firewall."I try to manually reconnect but it will not. I have tried on a couple different computers and cannot get the monitoring connection to work.It is a very busy firewall and I will have to schedule for a restart (which I was thinking of doing) even though I do not see a memory issue as per snip below. I don't want to restart unless it is the best option.
View 13 Replies View RelatedI recently had a vendor configure our 2 firewalls (ASA5520). We are replacing a active-failover PIX525 firewall in 2 locations. After the vendor configured the new ASA5520's, I was unable to access the ASDM. The configurations are a basically modified versions of the config on the PIX525. I did find that they did not set the ASDM image path. [code]
I have tried from my browser as well as downloading and installing th ASDM on my computer.
I have an ASA 5520 new. I am trying to migrate from a PIX 515E. I can connect via the CLI and ASDM on the management port (IP 192.168.1.1 the default) What I am having an issue with though is when I change the management port to 10.0.1.1 via the CLI or ASDM I can no longer use ASDM. I issue the show IP command in the CLI and I see that the IP has indeed changed but I still can not get into it. I must be missing something really simple, but this is driving me insane. I want to change the IP because I need the a different interface to be 192.168.1.1.
View 2 Replies View RelatedI have an ASA 5520 running version 8.2(1) and I am having an issue with ASDM sessions.I can SSH into the ASA and have tried to clear the sessions but they do not clear as per below.
largoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW# confi tlargoGW(config)# asdm disconnect 0largoGW(config)# asdm disconnect 1 largoGW(config)# asdm disconnect 2largoGW(config)# asdm disconnect 3largoGW(config)# asdm disconnect 4largoGW(config)# exitlargoGW# sh asdm session0 dguselnx1 dguselnx2 dguselnx3 dguselnx4 dguselnxlargoGW#
An interesting point: the host dguselnx is my linux based computer that I am using to SSH to the ASA. I do not connect via ASDM from this device so it is strange that the hostid for the asdm sessions is showing as my linux host and not my Windows laptop (that I am trying to connect via ASDM from).
I have an ASA 5510 in a live environment. Up til a short while ago I could access this via the ASDM and ssh. However I can no longer connect to it via eithier. When I access It via SSH I get a disclaimer saying the following
*** You have entered a restricted zone! Authorized access only!!! Disconnect immediately if you are not authorized user! ***
It then cuts me off.
When I try to access the ASDM I get the following
The firewall is running all its services without a problem and I can ping the device without any issues. Also none of the config (to my knpowledge has been changed). I set up a console session and http server enable is still there with
http 192.168.200.0 255.255.255.0 inside
nat global entry not showing up in ASDM but it does via CLI see blow, it's a policy NAT.
nat (inside) 5 access-list inside_nat_outbound_4
global (outside) 5 ************-OUTSIDE netmask 255.0.0.0
Global 5 doesnt show in ASDM 6.1 (5) the globals only go up to 3
I need connecting ASDM to ASA 5525x management port its a brand new ASA i just updated ios and ASDM port configuration is following
Management por 0/0 ip 192.168.1.1
secure-level 100
http server enable
http 192.168.1.10 255.255.255.255 inside
port is up
When I am launching Internet explorer it just said cant connect Chrome shows connection with 192.168.1.1 is was interrupted but i can ping asa and backward .
Running ASA 5505
ASA Version: asa844-1-k8.bin
ASDM: Cisco ASDM 6.2(1)
I updated my ASA with version asa844-1-k8.bin.
However, whenever I try and run the ASDM client, I get the following error:
"Your ASA image has a version number 8.4(4)1 which is not supported by ASDM 6.2(1)."
How do I get the latest version installed on my Mac desktop? I know that I can connect via the web interface and run the ASDM client, but the same error persists. I have the asdm-649-103.bin file, but cannot connect to the ASA to install (I don't recall ever setting up SSH).
I was able to connect to my ASA 5510 with a browser, install ASDM, and configure my ASA 5510 with my Windows 7 laptop. Since I needed the laptop for another task, I am now trying to connect using a Linux laptop to do the same, but without success.
I can ssh into the firewall using the management port (192.168.1.1) from the Linux command line. However, I cannot connect using a browswer (192.168.1.1) to install ASDM.
I have a question about my ASA 5520, it worked well till two weeks ago, and suddenly cannot be accessed by SSH/Telnet/TFTP....only can use the Consoel port to access it now, but other VPN/ACL setting working well. [code] If I enabled the outside access for SSH like below, it works well for outside port.ssh 0.0.0.0 0.0.0.0 outside.
View 3 Replies View RelatedSo I have a client with an ASA 5520 running version 9.0 (was on 8.4) that I am trying to get either IPSec or SSL VPN configured on. I got everything setup and tried to connect. However, I couldn't connect to either. I fired up the real time monitoring and didn't see any syslog messages referring to a VPN build up. I also enabled SSH/Telnet on the outside interface and cannot connect to the ASA outside interface. I can ping the outside interface and can ping the internet from the ASA. I did set up a test ACL on the ASA and ran packet tracer on it and the results came back fine.
There is an IPS in the ASA as well, but I disabled the ACL for that and still am having these issues. Part of me wonders if the ISP has something set up to block inbound traffic. This should be a business class connection.
Our firewall expert has gone off on long term illness leave and I am trying to pick up the pieces :-(
We have an ASA 5520 (local office) talking to another ASA (remote office) via a VPN Tunnel.
My 1st problem is that I cannot ping from my inside network (local) to the outside interface of my remote ASA.
My 2nd is that I have debug enabled on my rules but am not logging anything.
I have a ASA 5520 which is intended to use as a VPN for clients using PDA, I think the PDA is a very old product that the VPN only support CHAP/ MS- CHAP, but seems it cannot connect the VPN, it will prompt "invalid username and password" (but in fact the username and password is valid when using PAP), below is the log i captured from the ASDM when the PDA is connecting the VPN. when i tried to connect it in windows PC, I also have the same issue if the VPN setting is using MS-CHAP, if I choose PAP, it can connect with no problem. But the PDA has no option of PAP. [code]
View 0 Replies View RelatedAfter pulling a brand new ASA5515 out of the box this morning, I spent countless hours scratching my head wondering why:
1. I cannot establish an HTTPS connection to the Management port - https://192.168.1.1/admin
2. When connecting via the console port I get prompted with a username and password sequence that I don't know
I get an SSL Version Error message when I try to connect with any browser. although I did find a way to resolve it, it requires a console port connection which is not working either.This is not my typical experience with the console or ASDM port setup.
I would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?
I would just like to to open UDP port 123 in the ASA 5510 Firewall so that our Primary Domain Controller could use this port to sync time with an external time source. We have already added an access rule for this port under the firewall configuration in ASDM 6.4 and this port was also allowed in the inbound and outbound rule of the PDC's Firewall but it seems that it was still blocked.
View 23 Replies View RelatedI have a ASA 5515-X-IPS firewall and I want to communicate firewall through ASDM-IDM. Already done the below procedure;
•1. Connect cable to Management port.
•2. Open browser and type https://192.168.1.1/asdmin and download the ASDM-IDM Launcher v1.5(55) and install my laptop(OS: windows 7)
•3. Connect asdm-idm launcher we put IP Address: 192.168.1.1 and username, password enter.
Just whenever we login the wizard then the message shown “ Unable to connect the asdm manager”For your kind information we already setup jre6u7 java software.
With regarding to the firewall ASA5520, i'm using it in my network, all the confiuration are properly configured and working but with the use of proxy address in internet explorer(e.:206.53.155.129/3128) all the blocked contents as easily accessible simply it bypass all the network through firewall.so will u guide me to block the proxy servers.
View 1 Replies View RelatedI have two asa 5520 firewalls. one at my primary data center connected to our production Internet feed, and one at my fail over data center connected to a backup internet feed. I was wondering if there was an easy way to keep the firewall rules in sync between the two firewalls. We have failover with our isp that will move our public facing address block from our primary site to our dr site in the event of a disaster so the ip addresses will not change if we were to have to fail over to the DR site. currently i just have to do any changes that i make on the fail over server but would like a way to at least simi-automat this if not fully automat this so that i can eliminate the possibility of human error of a change happening at primary but never getting don at DR.
View 1 Replies View RelatedI can get to the untrusted certificate on https....coming from my address 192.168.133.205..but i get denied am i being denied by access list?..I dont see how since intital SSL begins..
these are the log from the ASA---10.11.24.11 is the ip of one of the contexts
interface GigabitEthernet0/1.124 vlan 124 nameif Inside security-level 100 ip address 10.11.24.11 255.255.255.0
http server enablehttp 0.0.0.0 0.0.0.0 managementhttp 0.0.0.0 0.0.0.0 Inside
Mar 22 2010 16:05:34: %ASA-6-725001: Starting SSL handshake with client Inside:192.168.133.205/24368 for TLSv1 session.Mar 22 2010 16:05:34: %ASA-6-725003: SSL client Inside:192.168.133.205/24368 request to resume previous session.Mar 22
[Code]....
I've configured a couple of ACL rules via CLI in my ASA. When i checked in the ASDM, it only shows the basic rules that was configured by default and did not show the rules that i've created.
View 6 Replies View RelatedI have recently upgraded ASA to 8.4 and found that ASDM is not working on it. I tried the latest ASDM version 7.1 still no luck. When I try to access ASA using IE...it just shows " Page can not be displayed "
Following is the config which I have
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.52.193.218 255.255.255.255 inside
asdm image disk0:/asdm-711-52.bin
asdm location 0.0.0.0 0.0.0.0 inside
asdm history enable
Is there anything else required in ASA 8.4 for ASDM to work? When I telnet to ASA interface with 443 port it works
im working on a small project on a asa 5505 and beacuse i do most of the work from the outsidei want to open up asdm without vpn.
i have it working on another asa and the only difference is the rom version.the one not working is 8.0(5) - 6.2(3) and the one working is 8.0(4) - 6.1(5) did they do some changes?
ASDM cannot be loaded. Click OK to exit ASDM. Server returned HTTP response code: 503 for URL...
I'm attempting to access the ASDM externally (where x.x.x.x is the external IP). I was able to access 3 days ago just fine. So far, I've found suggest a reboot.
ASA Version 8.2(1) - I think the ASDM version is 6.2
I was going through the release notes on cisco website of ASA 8.4.6 and ASDM 7.1.3 but I just can not find a definitely answer: if ASDM 7.1.3 can run with 8.4.6?
View 2 Replies View RelatedI have a asa5520 with five Internet IP.One for the internet interface and the others are static maped to dmz hosts. It runs rightly until yesterday.Now it will lose the connection to the gateway many times everyday and the dmz hosts can not connect to internet any time. configuration(simplified):
!
interface GigabitEthernet0/0
nameif internet
security-level 0
[Code]....
I called ISP to check,when ISP clear their router's ARP, the asa will lose the connection at the same time and then the ISP's router couldn't learn the ASA's MAC. After I 'clear arp' manually,The ISP's router can learn the ASA's MAC and the connection recovered,but the DMZ's cann't access internet still (of course,There is no problem between DMZ and ASA ,I ping the internet gateway from DMZ host and can not get any reply.).
We have 2 x ASA5520 and I upgraded this to 8.2.2 last year, I see 8.2.5 and now 8.4 is out. If we are having no issues, is it best just to leave it as it is? I can see a couple of features I may find useful in 8.2.5, but 8.4 seems like a huge jump and a risky one too.
View 1 Replies View RelatedI have one firewall ASA5520, are very slow
View 3 Replies View RelatedI am trying to introduce an ASA5520 to my network based on the following diagram: ISP Internet ------> ASA5520 ------- > Cisco Router ------> LAN. The problem is I cannot ping the ASA from the LAN. I can ping it from inside the router. I already allow ICMP within ASA. If i remove the cisco router and replace it by a swich, I can ping the ASA with NO problem.
View 5 Replies View Related
