ASA5510 access problem 1

Status
Not open for further replies.

JBruyet

Hey all,

I just tried to get into my ASA5510 and I'm unable to login. I tried using my ASDM software and once I get to the "Software update completed" the login process stops. If I move the mouse cursor over the login window I get an hourglass but the process never goes any further.

When I try logging in using IE7 I get the following partial message in the small window:

ble to load Application, Exception in Starting Main wi

I can get in using my laptop but that's a bit of a hassle. I haven't tried to get into the device for a while so I don't know when the trouble started. Does anyone know of any programs that might conflict with my ability to get into my ASA from my desktop???

Thanks,

Joe B
 
log in using the console and post your config...probably an access list on there that does not have ASDM turned on or the IP address you are trying to go to is not correct, or the default gateway is wrong....
 
This is just a thought, but I had an issue with logging into the ASDM after one of the last Java updates. I had to uninstall my Java back to runtime 7 (I think) or 6 in order for the ASDM to work again.
 
Hey all,

I've tried both Mozilla and IE7. I'm at 6.13 on my Java. I'm still thinking that it's a software conflict with something else because I can get into the ASA just fine using my laptop. That's just a tad inconvenient but it works for me.

Thanks,

Joe B
 
When you say using your laptop, how are you using your laptop? ASDM? Or CLI? Explorer? Console cable?
 
North323, I connected using Firefox just like I'm trying to do from my workstation. Since I can use my laptop I'm not "really" in a bind anymore, but I would like to know why my workstation quit connecting.

Thanks,

Joe B
 
Couple more thoughts... Are your laptop and desktop on the same subnet? If not you may only have the http set for one subnet.
Have you tried uninstalling the ASDM and re-downloading it from the box?
And lastly, could your security settings be blocking it because of the cert? Whenever I start I have to ignore the warning generated by the non-standard cert.
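
The subnet check suggested above can be done offline against a saved config. This is an added example, not part of the original post: it resolves `name` aliases, reads the `http <address> <mask> <interface>` lines, and reports whether a client address is permitted to reach ASDM on a given interface. The sample config, the `RemoteAdmin` alias and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, modelled on the "name" and "http" lines of an ASA config.
SAMPLE_CONFIG = """\
names
name 203.0.113.10 RemoteAdmin
http server enable
http RemoteAdmin 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 management
"""

def parse_http_access(config):
    """Return (server_enabled, [(network, interface), ...]) from config text."""
    names, rules, enabled = {}, [], False
    lines = [ln.split() for ln in config.splitlines()]
    for tok in lines:                      # first pass: "name <ip> <alias>"
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]
    for tok in lines:                      # second pass: http statements
        if tok[:3] == ["http", "server", "enable"]:
            enabled = True
        elif len(tok) == 4 and tok[0] == "http":
            addr = names.get(tok[1], tok[1])
            try:
                net = ipaddress.ip_network(f"{addr}/{tok[2]}", strict=False)
            except ValueError:
                continue                   # scrubbed or unresolvable entry, skip it
            rules.append((net, tok[3]))
    return enabled, rules

def asdm_allowed(config, client_ip, interface):
    """True if the http server is on and client_ip matches a rule on interface."""
    enabled, rules = parse_http_access(config)
    ip = ipaddress.ip_address(client_ip)
    return enabled and any(ip in net and ifc == interface for net, ifc in rules)

if __name__ == "__main__":
    for ip, ifc in [("192.168.1.50", "management"), ("192.168.2.50", "Inside")]:
        print(ip, ifc, "allowed" if asdm_allowed(SAMPLE_CONFIG, ip, ifc) else "not allowed")
```
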
 
good call Mordine...what are the differences between your laptop and desktop?
 
I'm baaaaaaaaack...
Hey guys, I quit updating this thread because I was able to get into the ASA using my laptop. Not any more. I'm getting the same results as on my desktop.

When I run my ASDM Launcher I get to the "Software update completed" and then the Launcher closes but no ASA access. Uninstalling and reinstalling ASDM Launcher doesn't help.

When I "Run ASDM As Java Applet" I get the second window with the "Do not close this window" warning and the "Cisco ASDM 5.0 for ASA will start in another window. Closing this browser window will cause Cisco ASDM to exit." message. But I never gain access to the ASA. The progress bar goes to 100% and does some random blinking but no ASA access. Not even after about 40 minutes of waiting.

I've now tried accessing my ASA from three different machines with the same result from each machine. I should probably add that no network changes have been made, and that everything is on one big happy subnet.

North323 recommended that I login using the console and "post the config" but I'm not a Cisco guy and I don't know how to pull up the config. Any suggestions there?

Thanks,

Joe B
 
ya take your laptop with a console cable (blue) and use your creds to get in to enable mode and type show run and post that
 
Do you know how to console into the ASA?

To post a config just type sho run at the # prompt.

example:

MyASA#sho run

copy it to notepad and scrub it before posting.



Stubnski
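
One way to do the "scrub it before posting" step, as an added example that is not part of the original post: the script replaces password hashes, pre-shared keys, the hostname and domain name, and every IPv4 address that is neither a netmask nor an RFC 1918 private address. The sample config and all values in it are constructed; keeping private addresses readable is a choice made here so the output stays useful for troubleshooting.

```python
import ipaddress
import re

# Constructed sample lines in the style of "show run" output; all values are made up.
SAMPLE = """\
hostname fw01
domain-name example.com
enable password AbCdEfGhIjKlMnOp encrypted
passwd QrStUvWxYz012345 encrypted
username admin password ZyXwVuTsRqPoNmLk encrypted privilege 15
interface Ethernet0/0
 ip address 198.51.100.90 255.255.255.248
interface Ethernet0/1
 ip address 192.168.2.1 255.255.255.0
tunnel-group vpn ipsec-attributes
 pre-shared-key SuperSecret
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Keyword prefix is kept, the value that follows it is replaced.
SECRETS = re.compile(
    r"^(\s*(?:enable password|passwd|username \S+ password|pre-shared-key|hostname|domain-name) )\S+")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def _mask_ip(match):
    text = match.group(0)
    try:
        ip = ipaddress.IPv4Address(text)
    except ValueError:
        return text                        # not a valid address, leave untouched
    inverted = ~int(ip) & 0xFFFFFFFF
    if inverted & (inverted + 1) == 0:     # contiguous ones then zeros: a netmask
        return text
    if any(ip in net for net in RFC1918):  # private address, kept for readability
        return text
    return "x.x.x.x"

def scrub(config):
    """Return config text with secrets and non-private addresses replaced."""
    out = []
    for line in config.splitlines():
        line = SECRETS.sub(r"\1<removed>", line)
        out.append(IPV4.sub(_mask_ip, line))
    return "\n".join(out)

if __name__ == "__main__":
    print(scrub(SAMPLE))
```

Read the output once more by eye before posting; names, remarks and e-mail addresses are not covered by these patterns.
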
 
i had the same problem. the only way was to completely uninstall the currently installed java applet. restart the system and install the version not newer than v7. download it from "java.sun.com/products/archive". one more restart and voila! it should work. keep us posted.



Jeffrey Rebong

 
jrdebug, I must be looking at the wrong thing because my Java version is 1.6.0_14 running on XP Pro SP3.

North & Stub, here's the SHO result:

sho run
: Saved
:
ASA Version 7.0(2)
names
name xxx.xxx.xx.xxx ForeignDomain
name 192.168.2.34 Stancil
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address xxx.xxx.xxx.90 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address xx.xx.x.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address xxx.xxx.x.1 255.255.255.0
management-only
!
enable password IzBrlUb2wYp4LeIQ encrypted
passwd uaKl7plbYNSiZd0F encrypted
hostname ciscoasa
domain-name MyDomain.com
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
access-list Outside_access_in extended permit ip host DOMAIN any
access-list Outside_access_in remark Changed from IP to UDP on 11/1/05 by Jobee
access-list Outside_access_in extended permit udp host DOMAIN host xxx.xxx.xxx.91
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny tcp any any eq 6346
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny udp any any eq 6346
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny tcp any any eq 6347
access-list Outside_access_in remark Deny Gnutella/Limewire
access-list Outside_access_in extended deny udp any any eq 6347
access-list Outside_access_in remark MDC traffic to our MDS server
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in remark Redirect for LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Internet redirect to LOCATION
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX
access-list Outside_access_in remark Internet redirect to LOCATION
access-list Outside_access_in extended permit udp any interface Outside eq PortXXX
access-list Outside_access_in extended permit tcp any interface Outside eq PortXXX

access-list Outside_access_in extended permit tcp any interface Outside eq pop3
access-list Outside_access_in extended permit tcp any interface Outside eq smtp
access-list Outside_access_in extended permit tcp any interface Outside eq www
access-list Outside_access_in extended permit tcp any interface Outside eq https

access-list Inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 host 192.168.2.253
access-list Inside_nat0_outbound extended permit ip any 192.168.2.192 255.255.255.192
access-list Inside_nat0_outbound extended permit ip any 192.168.22.0 255.255.255.128
access-list Outside_cryptomap_dyn_100 extended permit ip any 192.168.22.0 255.255.255.128
access-list link_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list Outside_cryptomap_dyn_120 extended permit ip any 192.168.22.0 255.255.255.128
access-list Outside_access_out remark Blocking Break.com from inside.
access-list Outside_access_out remark Blocking Break.com from inside.
pager lines 24
logging enable
logging buffered warnings
logging asdm warnings
logging from-address asa5510@DOMAIN.COM
logging recipient-address CELL#@vtext.com level critical
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool DOMAIN-ipsec 192.168.22.1-192.168.22.100 mask 255.255.255.255
ip local pool DOMAINlocal 192.168.2.89-192.168.2.99 mask 255.255.255.255
monitor-interface Outside
monitor-interface Inside
monitor-interface management
asdm image disk0:/asdm502.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) udp interface XXXX 192.168.2.37 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) udp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) udp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface XXXX 192.168.2.51 XXXX netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp 192.168.2.3 smtp netmask 255.255.255.255
static (Inside,Outside) tcp interface pop3 192.168.2.3 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp interface imap4 192.168.2.3 imap4 netmask 255.255.255.255
static (Inside,Outside) udp interface 25 192.168.2.3 25 netmask 255.255.255.255
static (Inside,Outside) tcp interface 255.255.255.255
static (Inside,Outside) tcp interface https 192.168.2.39 https netmask 255.255.255.255
static (Inside,Outside) XXX.XXX.XXX.XXX 192.168.2.31 netmask 255.255.255.255
static (Inside,Outside) XXX.XXX.XXX.XXX 192.168.2.32 netmask 255.255.255.255
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DOMAIN internal
group-policy DOMAIN attributes
dns-server value XXX.XXX.XXX.26 XXX.XXX.XXX.36
split-tunnel-policy tunnelspecified
split-tunnel-network-list value link_splitTunnelAcl
webvpn
group-policy Transit internal
group-policy Transit attributes
dns-server value xxx.xxx.xxx.2 xxx.xxx.xxx.2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value link_splitTunnelAcl
webvpn
username Name1 password xyz encrypted privilege 0
username Name2 password xyz encrypted privilege 0
username Name3 password xyz encrypted privilege 15
username Name4 password xyz encrypted
username Name5 password xyz encrypted privilege 0
username Name6 password xyz encrypted privilege 15
username Name7 password xyz encrypted privilege 0
username Name8 password xyz encrypted
username Name9 password xyz encrypted
http server enable
http xxx.xxx.xxx.74 255.255.255.255 Outside
http ForeignDomain 255.255.255.255 Outside
http xxx.xxx.xxx.203 255.255.255.255 Outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 100 match address Outside_cryptomap_dyn_100
crypto dynamic-map Outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 120 match address Outside_cryptomap_dyn_120
crypto dynamic-map Outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh xxx.xxx.xxx.74 255.255.255.255 Outside
ssh timeout 5
console timeout 15
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 192.168.2.82 192.168.2.83
dhcpd lease 3600
dhcpd ping_timeout 50
tunnel-group NameA type ipsec-ra
tunnel-group NameA general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameA ipsec-attributes
pre-shared-key *
tunnel-group NameB type ipsec-ra
tunnel-group NameB general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameB ipsec-attributes
pre-shared-key *
tunnel-group NameC type ipsec-ra
tunnel-group NameC general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameC ipsec-attributes
pre-shared-key *
tunnel-group NameD type ipsec-ra
tunnel-group NameD general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameD ipsec-attributes
pre-shared-key *
tunnel-group NameE type ipsec-ra
tunnel-group NameE general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameE ipsec-attributes
pre-shared-key *
tunnel-group NameF type ipsec-ra
tunnel-group NameF general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameF ipsec-attributes
pre-shared-key *
tunnel-group NameG type ipsec-ra
tunnel-group NameG general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameG ipsec-attributes
pre-shared-key *
tunnel-group NameH type ipsec-ra
tunnel-group NameH general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameH ipsec-attributes
pre-shared-key *
tunnel-group NameI type ipsec-ra
tunnel-group NameI general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameI ipsec-attributes
pre-shared-key *
tunnel-group NameJ type ipsec-ra
tunnel-group NameJ general-attributes
address-pool linklocal
address-pool link-ipsec
default-group-policy link
tunnel-group NameJ ipsec-attributes
pre-shared-key *
tunnel-group NameK type ipsec-ra
tunnel-group NameK general-attributes
address-pool linklocal
address-pool link-ipsec
default-group-policy link
tunnel-group NameK ipsec-attributes
pre-shared-key *
tunnel-group NameL type ipsec-ra
tunnel-group NameL general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameL ipsec-attributes
pre-shared-key *
tunnel-group NameM type ipsec-ra
tunnel-group NameM general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameM ipsec-attributes
pre-shared-key *
tunnel-group NameN type ipsec-ra
tunnel-group NameN general-attributes
address-pool link-ipsec
default-group-policy link
tunnel-group NameN ipsec-attributes
pre-shared-key *
tunnel-group NameO type ipsec-ra
tunnel-group NameO general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameO ipsec-attributes
pre-shared-key *
tunnel-group NameP type ipsec-ra
tunnel-group NameP general-attributes
address-pool (Inside) link-ipsec
address-pool (Inside) linklocal
address-pool link-ipsec
address-pool linklocal
default-group-policy link
tunnel-group NameP ipsec-attributes
pre-shared-key *
ntp server 192.168.2.82 source Inside
tftp-server Inside 192.168.2.62 /ASA5510/Config20090403
smtp-server 192.168.2.39
Cryptochecksum:64826833a12fbf32decbf8218715a7b86
: end
ciscoasa# menu
exit

I didn't set this firewall up but it is my job to keep it working. Any and all suggestions would be greatly appreciated.

Thanks for the help,

Joe B
 
So no one has any ideas?

Thanks,

Joe B
 
Sorry to hear you are still having issues. I don't think your problem is in the config. I said it earlier and jrdebug said it again. I believe your problem is your javascript version. I would bet that your laptop stopped working right after you did the auto update that pops up in the system tray. I would say you either need to downgrade your javascript on your computers or upgrade your ASA software to 8.4 or higher.
 
Hi Mordine,

I know how to go back in the javascript version but I don't have any idea how to get a newer version of the ASDM software. I'll Google it and see what pops up.

Thanks for the help,

Joe B
 
Oops! That's "ASA Software." I'll work on figuring that one out too.

Thanks,

Joe B
 
I guess I'll have to pass on the ASA software. The Cisco site is asking for a login and password and I don't have one. Time to head to the Java web site.

Thanks,

Joe B
 
Hey Mordine, here's a star 'cuz you were right--the problem was with the Java version. I removed my current version (6.13) and went back to 5.19 and it's working now.

Thanks again,

Joe B
 