Cisco Security :: 5505 - No Access To ADSM
Feb 19, 2013
I still can't access ASDM. I deleted the old ASDM versions and upgraded to ASDM 7.1(1)52 which shows compatible with ASA 8.2(1). I'm on an inside NAT address connected to Eth 0/5, 192.168.1.5/24. I can ping and SSH to the FW but no ASDM. Following is passing traffic and everything else works just fine.
JEREMY-ASA# show ver
Cisco Adaptive Security Appliance Software Version 8.2(1) Device Manager Version 7.1(1)52
JEREMY-ASA# show run asdm
asdm image disk0:/asdm-711-52.bin
no asdm history enable
[Code]...
View 4 Replies
ADVERTISEMENT
Jun 29, 2012
I am running into a issue that I cannot seem to figure out. I have a asa 5505 with the Security Plus license. I setup a native vlan where all of my network devices sit on. ie my Wireless Access point has an ip of 192.168.3.2, my switch .3. I have no issues managing these devices from any vlan I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH. I have to use the gateway of the vlan I am on. For instance. If I am on vlan 10 I have to use 192.168.10.1 for access, if I am on vlan 20 I type 20.1...etc...etc If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the vlan that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway.
View 3 Replies
View Related
May 9, 2012
I am trying to unravel a ASA 5550 config that has been created over several years, by multiple people, some who used ADSM, some who used CLI.
None of them ever removed any lines from the configuration, and none did any documentation. When examining the actual configuration from a CLI perspective:
1. Does an ADSM- created access list end with any specific ADSM- added suffix?
2. When ANY access list is created in an ASA 5550, does it HAVE to be included in the access-group command to be functional? Can it also be functional if referenced in a "nat" command?
3. If the access list does meet either of the criteria specified in question #2, is it completely non-functional?
4. If an access list is applied to a logical or physical port that is shut down, is the access list functional?
View 4 Replies
View Related
Dec 21, 2012
I try to configure my CISCO ASA 5505 for remote access vpn, and I encounter the following issue : Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. [code]
View 2 Replies
View Related
Feb 28, 2013
I have configured and tested an ASA-5505 that will be deployed at a customer's home. The ISP cable modem will connect to the E0 (outside) interface of the ASA. All other interfaces on the ASA are configured for the inside network 192.168.5.0/24. I have created a VPN site-to-site tunnel between this ASA and the UC540 to allow 192.168.5.0/24 subnet access to the internal networks on the UC540.
The user has requested that all the network devices used by the rest of the family will only need to connect to the Internet. They will not need access to the VPN tunnel and they will not need access to the computers on the 192.168.5.0/24 inside network. I was planning on performing the following tasks to get this to work.
View 2 Replies
View Related
May 24, 2011
I have a ASA 5505 that I test with which originally came with the Security Plus license. I recently erased flash and loaded the latest asa841-k8.bin version of IOS along with asdm-642.bin. Everything booted fine and came up as it does when freshly wiped however I noticed that i was now only running a base license. If I issue the sh activiation-key command, I noticed the following messages (full output is at the bottom):
The Running Activation Key is not valid, using default setting
......
This platform has a Base license.
......
Failed to retrieve flash permanent activation key
Did I somehow kill my Security Plus licensing when I did the erase flash? If so how do I recover it?
ciscoasa# sh activation-key
Serial Number: JMXXXXXXHU
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
The Running Activation Key is not valid, using default settings:
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
[code]...
This platform has a Base license.Failed to retrieve flash permanent activation key.The flash permanent activation key is the SAME as the running permanent key.
View 2 Replies
View Related
Jul 9, 2012
We have an ASA running 8.2.2 (adsm 6.2.5). VPN connections are working well.But it's not possible to use a SIP client (phone or software) through an SSL tunnel.So today I've tried to look in detail on this problem. I installed an ubuntu system,openconnect and ekiga as softphone. In our network everything is working without any error. I used an external DSL connection to test everything over the VPN tunnel.I can ping the SIP server and I can access the https frontend of the the SIP Server.The client "seem's" to connect as well. I can call the ekiga client, it's ringing and i can speak and hear everything (most times).Dialing from the ekiga client ALWAYS fails. On the ASA there is no policy allowing or denying those connections. How can I trace it on the ASA ?
View 2 Replies
View Related
May 22, 2012
I cannot logon with adsm anymore.when I run adsm, I type in my pw, and the screen keeps displaying "contacting the device". No timeout, just stays this way.I've updated the java version, no luck.I can connect with SSH with no problem. device = asa5550, 8.2(1) asdm 6.2(1) [code]
notice that there is no "with cookie-based authentication" here -- is this relevant?
Rebooting the device is not really an option.
View 7 Replies
View Related
Dec 17, 2012
I'm not quite ready for the Automatic Failover feature that the ASA 5520 support. For now we have a cold stand by unit. I was wondering if I can change the mac addresses of the standby unit's interfaces to be exactly the same as the primary unit. I see an active/standby mac address section in ADSM, but I think that is used in the automatic failover function.
View 12 Replies
View Related
Jan 3, 2012
i'm having issues with ASDM 6.3 on my ASA 5500.When i try to add a policy under firewall --> service policy rules (Add Service Policy Rule Wizard - Rule Actions), i'm not able to add a netflow policy as I'm not presented with a dialogue box after I press "add".i've tried this from multiple computers mac os and windows.
View 9 Replies
View Related
May 20, 2012
I am trying to veiw my PIX515e via the ASDM, but I am unable to...Can you review my config and make sure I have everything setup the way it is supposed to?
PIX Version 8.0(4)32
!
hostname pixfirewall
domain-name jkkcc.com
enable password DQucN59Njn0OjpJL encrypted
passwd DQucN59Njn0OjpJL encrypted(code)
View 1 Replies
View Related
Dec 16, 2012
Trying to get port forwarding going using ASDM 6.4 on a Cisco 5510
I want to forward port 25/Smtp to 192.168.1.10
I have added all the rules as outlined in the link below. [URL]
But when running an open port checker on [URL]
It says the port is closed, I have noticed that under Access Rules under the Hits columns it says 52 ?
View 7 Replies
View Related
Feb 28, 2011
I recently upgraded my Pix 515e from 6.3 to 7.08. Upgraded pmd to adsm. If I do a show ver, it states 7.08. But, if I do show config, it still shows 6.3.Why would they be different? Since adsm runs fine, I know that the upgrade went fine.
View 2 Replies
View Related
Mar 23, 2011
We have a WEB VPN running on Cisco ASA 5510 (SW = 8.2.1 / ASDM SW = 6.2.1). There are multiple internal (Web) applications are published on it and are working. One of the Web Application is working from internal network but from outside (or internet) through Web VPN, it is getting stuck and trying to load JAVA version. It is to be mentioned here, the latter web application is required Java Version 1.4.2 while the working applications are working with Java 1.5.1.
Is it possible to mount the more than on Java version on Cisco ASDM to be worked together ?
View 1 Replies
View Related
Jun 10, 2012
I have just logged into the ASDM for my 5520 and can see under the "Firewall Dashboard" tab that I can enable these graphs/stats, why would they be disabled? So I was wondering if I enable these and they use alot of memory how can I disable them again?
View 3 Replies
View Related
Oct 5, 2011
I have just logged into the ASDM for my 5520 and can see under the "Firewall Dashboard" tab that I can enable these graphs/stats, why would they be disabled? So I was wondering if I enable these and they use alot of memory how can I disable them again?
View 1 Replies
View Related
Jun 27, 2011
I have ASA 5505 that has two inside security level 100 interfaces and an outside interface.On the inside interface we have corporate domain subnet with DC and 30 hosts. On the inside2 interface I have few servers that runs specific application important for our business needs, and dumb terminals that are connected to them.I have a laptop user that periodically needs access from our corporate vlan1 to one of the servers on inside 2 vlan via remote desktop or some other remote viewer client,so he can view reports etc.I have enabled same-security-traffic intra-interface command and added nat exempt command pointing specific laptop host machine to that specific server.
Now my main concern is regarding security. This user carries his laptop home, browses the web, puts USB memory, and you can imagine how this machine is susceptible to all kind of malicious software. Inside2 vlan is very important and until now it has been a very secure environment.This is no longer the case since all traffic between this inside sec level 100 vlan host and corresponding inside2 sec level 100 server is now allowed because of the enabled same level interface traffic and nat exemption rule. Do I have another solution that would allow communication based on just a tcp port number for this host? Something like port forwarding from outside to inside Vlan interface?
View 10 Replies
View Related
Oct 23, 2011
I save the configuration in the ASA 5505 using write memory or using copy run start but whe i unplug the power cord and plug it back in the ASA gets its factory default configuration.. then what i do is a copy start run to get the configuration active..
View 2 Replies
View Related
Nov 18, 2011
i have asa 5505 adaptive security plus. and i have only 3 vlans . outside , inside , DMZ restricted.so it's working fine but i want to connect to my inside another private network, or do i need to buy License.and how i can activate the license key.
View 4 Replies
View Related
Jul 3, 2011
I have got a working 5505 running 8.3.1 firmware and 6.3.1 ASDM.I have now purchased a second unit and ensured that both units are running the same firmware levels etc.
I have via the ASDM created a backup of the working units configuration, and now i want to load this configuration onto the second unit.I have connected the consiole cable up to the second unit and tried pasting in the contents of the configuration file but no joy.I want to ensure that my configuration will work on this unit before i configure the two units in Active/Passiove configuration.
View 1 Replies
View Related
Apr 5, 2010
I have an ASA5505 with Security Plus license so I can have many interfaces (not 2 + 1 limited DMZ like in base license)
I have 2 VLANs.Is it possible to use one ISP for VLAN 1 and other for VLAN 2 ? Is it limited to 2 ISP's or can have more ?
View 14 Replies
View Related
Feb 15, 2012
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
View 5 Replies
View Related
May 9, 2011
I have a ASA 5505 which stops pretty early in the boot sequence.
This is all that shows up,
CISCO SYSTEMS
Embedded BIOS Version 1.0(12)13 08/28/08 15:50:37.45
Low Memory: 632 KB
[Code].....
View 1 Replies
View Related
Jun 1, 2011
I have had the ASA 5505 set up for over 5 years, no problems. For some reason there is one website that my users cannot access. [url].... (173.161.122.9). Why it is being blocked.
[code]....
View 5 Replies
View Related
Apr 22, 2012
I am new to networking and configuring a ASA 5505. I have one public IP and would like to know if I can Nat this ip to 2 private IP addresses. Both addresses will be passing similar traffic.
View 1 Replies
View Related
May 7, 2012
How can I achieve this. I am obviously a novice cisco user and really fight my way around. I just want to grant access to a vendor to connect to his vpn. What ports need opened and what else do I need to do?
View 1 Replies
View Related
Apr 19, 2012
We want to upgrade one of our Cisco 5505 with Security Plus license. what is the difference between L-ASA5505-SEC-PL and ASA5505-SEC-PL upgrade licenses?
View 1 Replies
View Related
Apr 29, 2012
I have bought 2 new ASA5505 with SmartNet contract. I already have my 2 SmarNet contract number. Now I want to add these 2 contracts to my TAC account, so I can have support for my 2 new products. My TAC account already have 1 SmartNet contract for another device I have.What is the procedure to add my SmartNet contract to my account?
View 2 Replies
View Related
Dec 21, 2011
I'm trying to replace a ASA 5505 with a Cisco 2801 w/ security bundle.I have gone through a pretty basic set up of configuring what I could and letting the Cisco Config Prof do the security audit to lock it down. I have everything working just fine except for the bandwidth.
As soon as I plug the router in it seems to give all the bandwidth to one computer and the rest of the campus slows down to a crawl.I turned on "fair-queue" and even tried the QoS wizard in CCP, but it seems like thats if you want to prioritize voice over data - which we aren't running VOIP so I don't need.
View 7 Replies
View Related
Oct 11, 2012
how to hide Wireless SSID via Wireless controllers (one I am using is 5505)
Currently anyone can attmept to login to it as i cant find any options to hide it! Screen shot below)
what measures I should take to secure the APS and from access, currently considering port security and static mac addresses on ports; traffic is already got ACLS on its vlan. I have little to no experience on Wireless devices.
View 10 Replies
View Related
Apr 19, 2013
I have a Cisco home rack lab which is behind my ASA 5505. I use my ASA to connect to the internet. My situation is I travel a lot for work, and I am unable to do my labbing practice. I am pretty new to ASA and would like to do a port forwarding to access my access server which is connected to my Cisco routers and switches.My network topology is this: (internet)-------(ASA 5505)----------(3550)-------(CM32 Access Server)----------(Cisco Rack) This is how I setup my remote access:
Code:
ssh 0.0.0.0 0.0.0.0 outside
View 8 Replies
View Related
Mar 6, 2011
When I run the Upgrade software from Cisoc.com Wizard in ASDM i get this error:
You are not authorized to download encrypted software. Please register your self for this service.
CRYPTO_REQUEST_URL
View 1 Replies
View Related
Apr 17, 2011
I'm having some issues configuring NAT statements on my ASA5505 which has recently been upgraded to 8.41.
I have a single dynamic IP on the outside interface of the ASA and would like all internal hosts to NAT/PAT to it. In addition, I would like to have several ports 'forwarded' to internal hosts, one of which is TCP/4343. With the current configuration all hosts are NATing to the external interface properly but the service running on TCP/4343 is not accessible from the outside. See command output below:
"sh run object" output:
object network DrJones host 10.81.220.90object network LAN-10.81.220.0 subnet 10.81.220.0 255.255.255.0
"sh run nat" output:
object network DrJones nat (inside,outside) static interface service tcp 4343 4343object network LAN-10.81.220.0 nat (inside,outside) dynamic interface
"sh run access-list" output:
access-list inside_access_in extended permit ip 10.81.220.0 255.255.255.0 anyaccess-list outside_access_in extended permit icmp any any echo-replyaccess-list outside_access_in extended permit tcp any interface outside eq 4343
View 6 Replies
View Related
