ASDM error
Hi all
When I try to connect with my ASA using ASDM application I got this error message:
"ASDM is unable to read the configuration of the SAA. Please check the configuration and your connection and try again by clicking the Refresh button.
Any suggestion?
ASDM Version 5.2
ASA Version 7.2 (2)
Device Type ASA5520
seem to have java problem
downgrade to the older version.
JDK-6u7-windows-i586-p
Tags: Cisco Security
Similar Questions
-
Cannot access within LAN of Cisco Anyconnect
I'm new to the firewall and try to get my Anyconnect test configuration to connect to addresses within my Local network. The Anyconnect client connects easily, I can get to addresses Internet and tracer package told me it falls to phase 6, svc-webvpn. Can someone post my config? I don't know I'm missing something pretty obvious. Config is pasted below:
!
interface Ethernet0/0
Description< uplink="" to="" isp="">
switchport access vlan 20
!
interface Ethernet0/1
Description< inside="">
switchport access vlan 10
Speed 100
full duplex
!
interface Ethernet0/2
Description< home="" switch="">
switchport access vlan 10
!
interface Ethernet0/3
switchport access vlan 10
!
interface Ethernet0/4
!
interface Ethernet0/5
Shutdown
!
interface Ethernet0/6
Shutdown
!
interface Ethernet0/7
Shutdown
!
interface Vlan10
nameif inside
security-level 100
IP 192.168.1.99 address 255.255.255.0
!
interface Vlan20
nameif OUTSIDE
security-level 0
DHCP client dns update
IP address dhcp setroute
!
Vlan30 interface
No nameif
no level of security
no ip address
!
Banner motd
Banner motd +... +
Banner motd |
Banner motd | Any unauthorized use or access prohibited * |
Banner motd |
Banner motd | The Officer allowed the exclusive use.
Banner motd | You must have explicit permission to access or |
Banner motd | configure this device. All activities performed.
Banner motd | on this unit can be saved and violations of.
Banner motd | This strategy may result in disciplinary action, and |
Banner motd | may be reported to the police authorities. |
Banner motd |
Banner motd | There is no right to privacy on this device. |
Banner motd |
Banner motd +... +
Banner motd
boot system Disk0: / asa824-k8
passive FTP mode
clock timezone cst - 6
clock to summer time recurring cdt
permit same-security-traffic intra-interface
ICMP-type of object-group DEFAULT_ICMP
Description< default="" icmp="" types="" permit="">
response to echo ICMP-object
ICMP-unreachable object
ICMP-object has exceeded the time
object-group network obj and AnyConnect
host of the object-Network 192.168.7.20
host of the object-Network 192.168.7.21
host of the object-Network 192.168.7.22
host of the object-Network 192.168.7.23
host of the object-Network 192.168.7.24
host of the object-Network 192.168.7.25
access-list 101 extended allow icmp a whole
!
Note access-list ACL_OUTSIDE < anyconnect="" permit=""> >
ACL_OUTSIDE list extended access permitted tcp everything any https eq
ACL_OUTSIDE list extended access permit icmp any any DEFAULT_ICMP object-group
!
VPN_NAT list extended access permit ip host 192.168.7.20 all
VPN_NAT list extended access permit ip host 192.168.7.21 all
VPN_NAT list extended access permit ip host 192.168.7.22 all
VPN_NAT list extended access permit ip host 192.168.7.23 all
VPN_NAT list extended access permit ip host 192.168.7.24 all
VPN_NAT list extended access permit ip host 192.168.7.25 all
access-list extended sheep allowed ip group object obj-AnyConnect 192.168.1.0 255.255.255.0
pager lines 24
Enable logging
timestamp of the record
logging buffered information
logging trap information
exploitation forest asdm errors
MTU 1500 inside
Outside 1500 MTU
mask 192.168.7.20 - 192.168.7.25 255.255.255.0 IP local pool AnyconnectPool
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 645.bin
don't allow no asdm history
ARP timeout 14400
Global (1 interface OUTSIDE)
NAT (INSIDE) 1 192.168.1.0 255.255.255.0
NAT (OUTSIDE) 1 access-list VPN_NAT
Access-group ACL_OUTSIDE in interface OUTSIDE
!
router RIP
network 192.168.1.0
passive-interface OUTSIDE
version 2
!
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
AAA authentication http LOCAL console
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 192.168.2.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Sysopt connection tcpmss 1200
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4688000 association
Crypto-map dynamic dynmap 20 the value transform-set ESP-3DES-SHA
map outside_map 64553-isakmp ipsec crypto dynamic dynmap
outside_map interface card crypto OUTSIDE
!
ISAKMP crypto identity hostname
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
VPN-addr-assign local reuse-delay 120
SSH 192.168.1.0 255.255.255.0 inside
SSH 192.168.2.0 255.255.255.0 inside
SSH timeout 60
Console timeout 0
management-access INTERIOR
DHCP-client broadcast-flag
dhcpd x.x.x.x dns
dhcpd rental 43200
dhcpd ping_timeout 2000
dhcpd auto_config OUTSIDE
!
dhcpd address 192.168.1.150 - 192.168.1.180 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP 216.229.0.179 Server
SSL encryption, 3des-sha1-aes128-sha1 aes256-sha1 sha1 rc4
localtrust point of trust SSL outdoors
WebVPN
allow outside
AnyConnect essentials
SVC disk0:/anyconnect-win-4.2.01035-k9.pkg 1 image
SVC disk0:/anyconnect-linux-64-4.2.01035-k9.pkg 2 image
Picture disk0:/anyconnect-macosx-i386-4.2.01035-k9.pkg 3 SVC
enable SVC
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
internal Anyconnect group strategy
attributes Anyconnect-group policy
value x.x.x.x DNS server
VPN-tunnel-Protocol svc
the address value AnyconnectPool pools
type tunnel-group remotevpn remote access
tunnel-group Anyconnect type remote access
tunnel-group Anyconnect General attributes
strategy-group-by default Anyconnect
tunnel-group Anyconnect webvpn-attributes
enable MY_RA group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
Auto-update 30 3 1 survey period
Update automatic timeout 1
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
Hello
You are missing a NAT FREE for Anyconnect traffic would allow you to access inside the network.
access-list allowed sheep ip 192.168.1.0 255.255.255.0 192.168.7.0 255.255.255.0
NAT (inside) 0 access-list sheep
Add these two lines in the config file and you should be able to access the network interior.
Kind regards
Aditya
Please evaluate the useful messages and mark the correct answers.
-
RA VPN doesn't work is not on the second external interface
I've temporarily came from two Internet service providers in our ASA 5510. Which works very well. I tried to configure the VPN to our second outside interface (outside-XO) and who does not. The first/original VPN works great. Can someone look at the config and tell me if I did something wrong. It is not a customer number, because it is able to connect fine on the first interface. Thank you.
ASA Version 7.1 (2)
!
hostname FW01
dot.com domain name
activate the password * encrypted
names of
!
interface Ethernet0/0
nameif outside
security-level 0
IP address *.229.200 255.255.255.192
!
interface Ethernet0/1
Speed 100
full duplex
nameif inside
security-level 100
IP 192.168.2.3 address 255.255.255.0
!
interface Ethernet0/2
nameif outside-XO
security-level 0
IP address *.157.100 255.255.255.192
!
interface Management0/0
nameif management
security-level 100
IP 192.168.14.254 255.255.255.0
management only
!
passwd * encrypted
banner login attention is a private network. Unauthorized intruders will BE prosecuted to the extent of the ACT!
boot system Disk0: / asa712 - k8.bin
passive FTP mode
clock timezone PST - 8
clock summer-time recurring PDT 2 Sun Mar 2:00 1 Sun Nov 02:00
DNS server-group DefaultDNS
dot.com domain name
permit same-security-traffic intra-interface
object-group service tcp Server
HTTPS and www description
EQ object of the https port
port-object eq www
object-group service tcp Mail
SMTP POP3 access description
EQ Port pop3 object
EQ smtp port object
port-object eq 32000
non-standard tcp service object-group
Port Description 1429 and 1431
port-object eq 1431
port-object eq 1429
object-group service DNS tcp - udp
Description to allow outside DNS resolution
area of port-object eq
object-group service FTP tcp
FTP description
port-object eq ftp
SMTPMail tcp service object-group
Description SMTP only access
EQ smtp port object
IQWebServer tcp service object-group
Www and port 8082 description access
port-object eq www
EQ object Port 8082
EQ object of the https port
port-object eq 8999
SFTP tcp service object-group
Description SFTP_SSH
EQ port ssh object
outside_access_in list extended access permit tcp any host *. *.229.201 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.229.202 object-group Mail
outside_access_in list extended access permit tcp any host *. *.229.202 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.229.202 object-group DNS
outside_access_in list extended access permit tcp any host *. *.229.203 - group of non-standard items
outside_access_in list extended access permit tcp any host *. *.229.204 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.229.205 - group of non-standard items
outside_access_in list extended access permit tcp any host *. *.229.208 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.157.101 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.157.102 object-group Mail
outside_access_in list extended access permit tcp any host *. *.157.102 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.157.102 object-group DNS
outside_access_in list extended access permit tcp any host *. *.157.103 - group of non-standard items
outside_access_in list extended access permit tcp any host *. *.157.104 - a group of Web server objects
outside_access_in list extended access permit tcp any host *. *.157.105 - group of non-standard items
outside_access_in list extended access permit tcp any host *. *.157.108 - a group of Web server objects
access-list 150 extended permit tcp any any eq smtp
access-list sheep extended ip 192.168.0.0 allow 255.255.0.0 10.1.1.0 255.255.255.0
access-list sheep extended permits all ip 10.1.1.0 255.255.255.240
Splt_tnl list standard access allowed 192.168.0.0 255.255.0.0
Splt_tnl list standard access allowed 10.1.1.0 255.255.255.0
access-list extended webcap permit tcp any host *. * eq.164.210 smtp
access-list extended webcap permit tcp host * smtp eq.164.210 all
pager lines 24
Enable logging
logging asdm-buffer-size 200
buffered logging critical
exploitation forest asdm errors
Outside 1500 MTU
Within 1500 MTU
management of MTU 1500
outside-XO MTU 1500
mask 10.1.1.1 - 10.1.1.15 255.255.255.0 IP local pool VPNpool
mask 192.168.14.244 - 192.168.14.253 255.255.255.0 IP local pool VPNCisco
ICMP allow any inside
ASDM image disk0: / asdm512.bin
enable ASDM history
ARP timeout 14400
Global (outside) 1 *. *.229.194
Global (outside-XO) 1 *. *. 157.66
NAT (inside) 0 access-list sheep
NAT (inside) 1 192.168.0.0 255.255.0.0
public static tcp (indoor, outdoor) * domaine.229.202 192.168.14.166 netmask 255.255.255.255 area
public static tcp (indoor, outdoor) *.229.202 www 192.168.14.2 www netmask 255.255.255.255
public static tcp (indoor, outdoor) *.229.202 smtp smtp 192.168.14.2 mask 255.255.255.255 subnet
public static tcp (indoor, outdoor) *.229.202 192.168.14.2 pop3 pop3 netmask 255.255.255.255
public static tcp (indoor, outdoor) *.229.202 32000 192.168.14.2 32000 netmask 255.255.255.255
static (inside, outside) *. * 192.168.14.6.229.203 netmask 255.255.255.255
static (inside, outside) *. * 192.168.14.28.229.204 netmask 255.255.255.255
static (inside, outside) *. * 192.168.14.205.229.205 netmask 255.255.255.255
static (inside, outside) *. * 192.168.14.29.229.208 netmask 255.255.255.255
static (inside, outside) *. * 192.168.14.3.229.201 netmask 255.255.255.255
TCP static (inside, outside-XO) *. * domaine.157.102 192.168.14.166 netmask 255.255.255.255 area
TCP static (inside, outside-XO) *. *.157.102 www 192.168.14.2 www netmask 255.255.255.255
TCP static (inside, outside-XO) *. *.157.102 smtp smtp 192.168.14.2 mask 255.255.255.255 subnet
TCP static (inside, outside-XO) *. *.157.102 192.168.14.2 pop3 pop3 netmask 255.255.255.255
TCP static (inside, outside-XO) *. *.157.102 32000 192.168.14.2 32000 netmask 255.255.255.255
static (inside, outside-XO) *. * 192.168.14.3.157.101 netmask 255.255.255.255
static (inside, outside-XO) *. * 192.168.14.6.157.103 netmask 255.255.255.255
static (inside, outside-XO) *. * 192.168.14.28.157.104 netmask 255.255.255.255
static (inside, outside-XO) *. * 192.168.14.205.157.105 netmask 255.255.255.255
static (inside, outside-XO) *. * 192.168.14.29.157.108 netmask 255.255.255.255
Access-group outside_access_in in interface outside
Access-group outside_access_in in interface outside-XO
Route outside 0.0.0.0 0.0.0.0 *. * 1.229.193
Route inside 192.168.0.0 255.255.0.0 192.168.2.1 1
Route outside-XO 0.0.0.0 0.0.0.0 *. * 2.157.65
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00
Timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
Timeout, uauth 0:05:00 absolute
attributes of Group Policy DfltGrpPolicy
No banner
WINS server no
DNS server no
DHCP-network-scope no
VPN-access-hour no
VPN - connections 3
VPN-idle-timeout 480
VPN-session-timeout no
VPN-filter no
Protocol-tunnel-VPN IPSec
disable the password-storage
disable the IP-comp
Re-xauth disable
Group-lock no
disable the PFS
IPSec-udp disable
IPSec-udp-port 10000
Split-tunnel-policy tunnelall
Split-tunnel-network-list no
by default no
Split-dns no
disable secure authentication unit
disable authentication of the user
user-authentication-idle-timeout 30
disable the IP-phone-bypass
disable the leap-bypass
disable the NEM
Dungeon-client-config backup servers
the firewall client no
rule of access-client-none
WebVPN
url-entry functions
HTML-content-filter none
Home page no
4 Keep-alive-ignore
gzip http-comp
no filter
list of URLS no
value of customization DfltCustomization
port - forward, no
port-forward-name value access to applications
SSO-Server no
value of deny message connection succeeded, but because some criteria have not been met, or because of a specific group policy, you are not allowed to use the VPN features. Contact your administrator for more information
SVC no
SVC Dungeon-Installer installed
SVC keepalive no
generate a new key SVC time no
method to generate a new key of SVC no
client of dpd-interval SVC no
dpd-interval SVC bridge no
deflate compression of SVC
Cisco strategy of Group internal
Cisco group policy attributes
value of server WINS 192.168.14.4 192.168.14.11
value of 192.168.14.4 DNS server 192.168.14.11
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list Splt_tnl
field default value *.com
username * password * encrypted
username * password * encrypted privilege 0
username * password * encrypted
username * password * encrypted
username * password * encrypted
username * password * encrypted privilege 15
username * password * encrypted privilege 15
the ssh LOCAL console AAA authentication
Enable http server
http 0.0.0.0 0.0.0.0 outdoors
http 192.168.0.0 255.255.0.0 inside
http 192.168.1.0 255.255.255.0 management
http 192.168.14.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside-XO
SNMP-server host within the public 192.168.14.27 of the community
location of the SNMP server *.
contact SNMP Network Admin Server
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA
dynamic-map of crypto-XO_dyn_map 10 outside the value transform-set ESP-3DES-SHA
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
outside_map interface card crypto outside
outside-XO_map 65535 ipsec-isakmp crypto map outside Dynamics-XO_dyn_map
card crypto outside-XO_map interface outside-XO
ISAKMP allows outside
ISAKMP enable outside-XO
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 3des encryption
ISAKMP policy 10 sha hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
ISAKMP nat-traversal 20
IPSec-attributes tunnel-group DefaultL2LGroup
ISAKMP keepalive retry threshold 600 10
IPSec-attributes tunnel-group DefaultRAGroup
ISAKMP keepalive retry threshold 600 10
tunnel-group, type Cisco ipsec-ra
attributes global-tunnel-group Cisco
address pool VPNpool
Group Policy - by default-Cisco
tunnel-group Cisco ipsec-attributes
pre-shared-key *.
ISAKMP keepalive retry threshold 600 10
Telnet 192.168.0.0 255.255.0.0 inside
Telnet 192.168.14.109 255.255.255.255 inside
Telnet 192.168.14.36 255.255.255.255 inside
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH timeout 5
Console timeout 10
management-access inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
INSPECT class-map
class-map inspection_default
match default-inspection-traffic
!
!
Policy-map global_policy
class INSPECT
inspect the dns
inspect the http
inspect the icmp
inspect the tftp
inspect the ftp
inspect the h323 ras
inspect h323 h225
inspect the snmp
inspect the sip
inspect esmtp
class inspection_default
inspect the ftp
!
global service-policy global_policy
TFTP server inside 192.168.14.21 TFTP-root /.
192.168.14.2 SMTP server
Cryptochecksum:5eedeb06395378ed1c308a70d253c1b6
: endHello
Should work.
What I think is the routes:
Route outside 0.0.0.0 0.0.0.0 *. * 1.229.193
Route outside-XO 0.0.0.0 0.0.0.0 *. * 2.157.65If the first interface is ok, the ASA does not go to route packets via the second interface, so VPN will be not through this interface.
On the client, can you PING the two IPs outside of ASA or only the first?
Try to add a static route on the SAA to secondary education outside interface pointing to the address of the customer and try to connect via VPN and see if it works.
Orders:
HS cry isa his
HS cry ips its
Will be a big help as well, when the VPN connection attempt failed.
Federico.
-
Hello
I got my ASA working from work and the other day that I started getting an error:
IMPOSSIBLE FOR THE LAUNCH OF (MY HOUSE @ IP STATIC) DEVICE MANAGER
It used to work fine and I am able to load it on my local network. Someone said maybe this is my version of Java. So I downloaded Java 6 and installed that, without change. Does anyone have any ideas on what it could be?
----------------------------------------------------
Application logging started at Fri Jan 21 12:04:58 MST 2014
---------------------------------------------
Local Launcher version = 1.5.69
Display local Launcher = 1.5 Version (69)
Click on the OK button
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.printWarningsIfRequired (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.doShowDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
at com.cisco.launcher.s.actionPerformed (unknown Source)
at javax.swing.AbstractButton.fireActionPerformed (unknown Source)
in javax.swing.AbstractButton$ Handler.actionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.setPressed (unknown Source)
at javax.swing.AbstractButton.doClick (unknown Source)
to javax.swing.plaf.basic.BasicRootPaneUI$ Actions.actionPerformed (unknown Source)
at javax.swing.SwingUtilities.notifyAction (unknown Source)
at javax.swing.JComponent.processKeyBinding (unknown Source)
at javax.swing.KeyboardManager.fireBinding (unknown Source)
at javax.swing.KeyboardManager.fireKeyboardAction (unknown Source)
at javax.swing.JComponent.processKeyBindingsForAllComponents (unknown Source)
at javax.swing.JComponent.processKeyBindings (unknown Source)
at javax.swing.JComponent.processKeyEvent (unknown Source)
at java.awt.Component.processEvent (unknown Source)
at java.awt.Container.processEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Window.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.EventQueue.dispatchEventImpl (unknown Source)
to java.awt.EventQueue.access$ 200 (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
at java.awt.EventQueue.dispatchEvent (unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.run (unknown Source)
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java could not be trusted to server
at sun.security.ssl.Alerts.getSSLException (unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
at com.cisco.launcher.s.actionPerformed (unknown Source)
at javax.swing.AbstractButton.fireActionPerformed (unknown Source)
in javax.swing.AbstractButton$ Handler.actionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.setPressed (unknown Source)
at javax.swing.AbstractButton.doClick (unknown Source)
to javax.swing.plaf.basic.BasicRootPaneUI$ Actions.actionPerformed (unknown Source)
at javax.swing.SwingUtilities.notifyAction (unknown Source)
at javax.swing.JComponent.processKeyBinding (unknown Source)
at javax.swing.KeyboardManager.fireBinding (unknown Source)
at javax.swing.KeyboardManager.fireKeyboardAction (unknown Source)
at javax.swing.JComponent.processKeyBindingsForAllComponents (unknown Source)
at javax.swing.JComponent.processKeyBindings (unknown Source)
at javax.swing.JComponent.processKeyEvent (unknown Source)
at java.awt.Component.processEvent (unknown Source)
at java.awt.Container.processEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Window.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.EventQueue.dispatchEventImpl (unknown Source)
to java.awt.EventQueue.access$ 200 (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
at java.awt.EventQueue.dispatchEvent (unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.run (unknown Source)
Caused by: java.security.cert.CertificateException: Java could not be trusted to server
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
... more than 59
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.printWarningsIfRequired (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.doShowDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
at com.cisco.launcher.s.actionPerformed (unknown Source)
at javax.swing.AbstractButton.fireActionPerformed (unknown Source)
in javax.swing.AbstractButton$ Handler.actionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.setPressed (unknown Source)
at javax.swing.AbstractButton.doClick (unknown Source)
to javax.swing.plaf.basic.BasicRootPaneUI$ Actions.actionPerformed (unknown Source)
at javax.swing.SwingUtilities.notifyAction (unknown Source)
at javax.swing.JComponent.processKeyBinding (unknown Source)
at javax.swing.KeyboardManager.fireBinding (unknown Source)
at javax.swing.KeyboardManager.fireKeyboardAction (unknown Source)
at javax.swing.JComponent.processKeyBindingsForAllComponents (unknown Source)
at javax.swing.JComponent.processKeyBindings (unknown Source)
at javax.swing.JComponent.processKeyEvent (unknown Source)
at java.awt.Component.processEvent (unknown Source)
at java.awt.Container.processEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Window.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.EventQueue.dispatchEventImpl (unknown Source)
to java.awt.EventQueue.access$ 200 (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
at java.awt.EventQueue.dispatchEvent (unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.run (unknown Source)
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java could not be trusted to server
at sun.security.ssl.Alerts.getSSLException (unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
at com.cisco.launcher.s.actionPerformed (unknown Source)
at javax.swing.AbstractButton.fireActionPerformed (unknown Source)
in javax.swing.AbstractButton$ Handler.actionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed (unknown Source)
at javax.swing.DefaultButtonModel.setPressed (unknown Source)
at javax.swing.AbstractButton.doClick (unknown Source)
to javax.swing.plaf.basic.BasicRootPaneUI$ Actions.actionPerformed (unknown Source)
at javax.swing.SwingUtilities.notifyAction (unknown Source)
at javax.swing.JComponent.processKeyBinding (unknown Source)
at javax.swing.KeyboardManager.fireBinding (unknown Source)
at javax.swing.KeyboardManager.fireKeyboardAction (unknown Source)
at javax.swing.JComponent.processKeyBindingsForAllComponents (unknown Source)
at javax.swing.JComponent.processKeyBindings (unknown Source)
at javax.swing.JComponent.processKeyEvent (unknown Source)
at java.awt.Component.processEvent (unknown Source)
at java.awt.Container.processEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.KeyboardFocusManager.redispatchEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent (unknown Source)
at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions (unknown Source)
at java.awt.DefaultKeyboardFocusManager.dispatchEvent (unknown Source)
at java.awt.Component.dispatchEventImpl (unknown Source)
at java.awt.Container.dispatchEventImpl (unknown Source)
at java.awt.Window.dispatchEventImpl (unknown Source)
at java.awt.Component.dispatchEvent (unknown Source)
at java.awt.EventQueue.dispatchEventImpl (unknown Source)
to java.awt.EventQueue.access$ 200 (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
in java.awt.EventQueue$ 3.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
in java.awt.EventQueue$ 4.run (unknown Source)
at java.security.AccessController.doPrivileged (Native Method)
in java.security.ProtectionDomain$ 1.doIntersectionPrivilege (unknown Source)
at java.awt.EventQueue.dispatchEvent (unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter (unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.pumpEvents (unknown Source)
at java.awt.EventDispatchThread.run (unknown Source)
Caused by: java.security.cert.CertificateException: Java could not be trusted to server
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
... more than 59
Been trying for ASDM file Version; URL = https://199.195.168.123/admin/
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.printWarningsIfRequired (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.doShowDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.connect (unknown Source)
at com.cisco.launcher.y.a (unknown Source)
at com.cisco.launcher.y.if (unknown Source)
at com.cisco.launcher.r.a (unknown Source)
at com.cisco.launcher.s.do (unknown Source)
at com.cisco.launcher.s.null (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
to com.cisco.launcher.s.access$ 000 (unknown Source)
to com.cisco.launcher.s$ 2.a (unknown Source)
to com.cisco.launcher.g$ 2.run (unknown Source)
at java.lang.Thread.run (unknown Source)
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java could not be trusted to server
at sun.security.ssl.Alerts.getSSLException (unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.connect (unknown Source)
at com.cisco.launcher.y.a (unknown Source)
at com.cisco.launcher.y.if (unknown Source)
at com.cisco.launcher.r.a (unknown Source)
at com.cisco.launcher.s.do (unknown Source)
at com.cisco.launcher.s.null (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
to com.cisco.launcher.s.access$ 000 (unknown Source)
to com.cisco.launcher.s$ 2.a (unknown Source)
to com.cisco.launcher.g$ 2.run (unknown Source)
at java.lang.Thread.run (unknown Source)
Caused by: java.security.cert.CertificateException: Java could not be trusted to server
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
... 21 more
Try to IDM. URL =https://199.195.168.123/idm/idm.jnlp/
java.lang.NullPointerException
at com.sun.deploy.security.DeployManifestChecker.printWarningsIfRequired (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.doShowDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.TrustDeciderDialog.showDialog (unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.w.a (unknown Source)
at com.cisco.launcher.s.for (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
to com.cisco.launcher.s.access$ 000 (unknown Source)
to com.cisco.launcher.s$ 2.a (unknown Source)
to com.cisco.launcher.g$ 2.run (unknown Source)
at java.lang.Thread.run (unknown Source)
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java could not be trusted to server
at sun.security.ssl.Alerts.getSSLException (unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.Handshaker.fatalSE (unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate (unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage (unknown Source)
at sun.security.ssl.Handshaker.processLoop (unknown Source)
at sun.security.ssl.Handshaker.process_record (unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord (unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake (unknown Source)
to sun.net. www.protocol.https.HttpsClient.afterConnect (unknown Source)
to sun.net. www.protocol.https.AbstractDelegateHttpsURLConnection.connect (unknown Source)
to sun.net. www.protocol.http.HttpURLConnection.getInputStream (unknown Source)
to sun.net. www.protocol.https.HttpsURLConnectionImpl.getInputStream (unknown Source)
at com.cisco.launcher.w.a (unknown Source)
at com.cisco.launcher.s.for (unknown Source)
at com.cisco.launcher.s.new (unknown Source)
to com.cisco.launcher.s.access$ 000 (unknown Source)
to com.cisco.launcher.s$ 2.a (unknown Source)
to com.cisco.launcher.g$ 2.run (unknown Source)
at java.lang.Thread.run (unknown Source)
Caused by: java.security.cert.CertificateException: Java could not be trusted to server
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted (unknown Source)
... 19 more
Hello
It is a known issue with Java 1.7update 51. The Launcher will not work with update51. We are working on that. as a solution, please launch the ASDM using the webstart.
-
Cannot start device - ASDM question Manager
Hello
I have recently updated our router to spare ASA 5510 to version 9.1 (3) with image ASDM Version 7.1 (5) 100.
The customer I try to run the ASDM launcher on Windows 7 x 64 is the latest version of Java (updated 7-5).
I am able to do at the hand of the screen when I have https to the device. I can install the ASDM launcher, but as soon as I get the host name and the password I have the following error "could not launch 192.168.X.XXX Device Manager."
I went through a checklist and I can confirm the following:
-3des-sha1 license is activated
-Http server is enabled for my customer subnet
-ssl encryption is enabled
-Tried Firefox and IE10
When I try to run the ASDM via the browser I go as far as to ask for the password, and although the initial prompt seems to accept it, an another authentication box will appear asking you to do this over and over again in an infinite loop.
I have lived through many forum posts and checklists, but I can't seem to identify this problem.
If it helps, the box was already flashed back to factory default before I then applied the configuration from scratch (depending on the configuration of our live cam ASA 5510).
Can anyone help please?
Thank you
Hi Anthony,.
Since then, you must have more control on ASA:
AAA authentication http LOCAL console
Alongside this, there should be a user name and password in the local data base of the SAA. Then try to configure command, then check:
username cisco password cisco
After this attempt to access two cisco ASDM with username and password and check if it works or not.
-Prateek Verma
-
Last night we went to upgrade our firewall so that only TLS1.x and AES-256/SHA-1 can be used for VPN connections in the box. After doing so, ASDM has stopped working, AnyConnect still works without problem.
Java has reported an error in the SSL handshake. I went to reactivate the mechanisms of encryption one by one and determined that AES-128/SHA1 is the encryption algorithm above, sure I can connect via ASDM. I tried updating to the latest version of ASDM and 7.5 (2) doesn't connect on something higher to AES - 128. We use a certificate self-signed inside the interface, so I enabled ASDM on the outside where we have a third valid cert and tried connecting via https://
/Admin to make sure it wasn't a certificate problem and no dice. It's a bit strange to me that ASDM only supports AES-256. I wonder if anyone has any ideas as to why I can't connect to AES-256 and/or workaround. It would also be allowed to use AES - 128 for the ASDM internally and AES - 256 connections for VPN connections; but I don't see any way to activate the SSL encryption on use by application methods, it seems that I can only configure them in the world and am therefore stuck with allow VPN connections to use AES - 128, if they wish (I made connections will negotiate to AES - 256 before attempting to AES - 128, but I would like to disable completely AES-128).
Specs below, thank you in advance for your help.
Plug
ASA Version: 9.2 (2) 4
ASDM Version: 7.4 (2), I also tried 7.5 (2)
I thought about it and found an article that confirms my suspicions.
ASDM is just a Java applet. As such, it uses the security it offered by your local installation of Java libraries.
I found confirmation in this note of TAC: http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-dev...
I tried the instructions and (.. .wait for IT...) -It works!
I went to the download page of Oracle for my Java version 8 here: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-21...
I then these decompressed files and put them in the subdirectory appropriate according to the readme file. It was a little difficult to figure out exactly which of the several Java ASDM directories used - I have done this, right click on the process in the Task Manager, then go to the location of the file.
(Note: when you upgrade the Oracle, so it can write a new directory - you will have to periodically repeat this step.)
Given that, I put the two new files, changed my SSL encryption algorithm customized to exclude the AES-128 and then revived ASDM. I started Wireshark with a capture filter for my address ASA and watched the negotiating TLS 1.2 negotiate the AES-256 encryption.
In the sense of "it didn't happen if there is no pictures", extra points for the screenshot of the real package decode (open in a new tab to zoom in):
-
ASA5505 inscription on SSL cert error when applied to the interface?
Created a CSR, gets the certificate files, the downloaded ASA505. Three certificates in the CA certificates; the one in the certificate of identification. Everything seems all just wonderful. "Now use the SSL certs: in trying to associate the certificate with the Interface in the SSL settings section, we get an error"
[OK] ssl encryption rc4-aes128-sha1 aes256-3des-sha1 sha1 sha1
[ERROR] ssl trust-point ASDM_TrustPoint5 outside
Trustpoint are not registered. If please register trustpoint and try again.The cert will appear in the drop-down selection, why the error? How do I delete it?
Hi Stewart Buswell,
I have seen this problem when starting the CSR request through the CLI by using the configuration of the terminal of registration and then going to the ASDM and adding the identity certificate without using the command crypto ca enroll through the CLI.
In this case, if you use the CLI/ASDM you can follow this guide:
http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...
And the way to solve this problem will be generation a new CSR on the ASDM using the same key pair and install the certificate on this trustpoint. After you apply the cert to the ssl, you can remove the old one which was not.
Hope this info helps!
Note If you help!
-JP-
-
Impossible to download the package to the ASDM
Hello team,
I have an ongoing problem here. Initially when I bought the Cisco ASA 5505 other guys IT registered who on their own ID of ORC. Now that they have left the company and person have no contact with them.
I activated the SSH and I am able to login via putty/tera term, but when I access my device IP that is https://192.168.35.1 it gives me an error which and the page does not load. After continued research, I found that it has no ASDM package in flash player. When I went to downloads on Cisco's Web site, he asked me the Cisco ID and I have created a new and attached the device S/N and the device was attached to my CCO login. When I download it after that, it shows that I don't have a "valid service contract.
Is there a way I can download it?
Or I'm sued for my life by my boss?
Thank you
Buxant
You can try to look on some of the biggest Web retailer sites like CEP, but unfortunately I have no idea about the cost. It can vary according to the statements of the feature and the level of support you are looking for.
-
Hello
I try to access Cisco ASA5510 using ASDM but without success. The running configuration file is attached. I tried to debug ASDM and HTTP and got the following error...
HTTP: treatment given to the legacy server admin / [admin]
HTTP session: checked = [0]
HTTP: URL GET treatment "/ admin' host 6.6.6.10"
HTTP: redirect to: /admin/public/index.html
HTTP session: checked = [0]
HTTP: treatment GET URL ' / admin/public/index.html' host 6.6.6.10
HTTP: authentication is not required
HTTP: file not found: public/index.html
HTTP: treatment given to the legacy server admin [/ favicon.ico]
HTTP session: checked = [0]
HTTP: treatment GET URL ' / favicon.ico' host 6.6.6.10
HTTP: required authentication, no authentication information was providedI tried my best to solve problems but does not succeed. Please help solve the problem.
Jean Marc
Hi John,.
The problem should be linked to the compatibility of version asdm, you use a version of asdm incompatibility with your version of ios ASA. ASA 8.2 (1) requires asdm version 6.2 (1) or later, and the recommended version would be the 7.3 (1).
Kind regards
Aref
-
Power of fire Access Control Policy - error after re-image
Hello world
I have recently given in image module power light (6.0.0) on a Cisco ASA 5512-x and I have this error on the section of access control policy:
Whence this reference to politics? I have not deleted something, this is a new installation.
Any ideas?
Thank you
Hello
The error indicates that it might be a bad installation where there was a problem when restarting,
You can try to import any other ASDM access control strategy and see if it works.
If the problem persists, you will need to follow the steps below:
1) uninstall the SFR sw-module module sfr uninstall 2) wr mem 3) Reload ASA ( in Maintenance window) 4) load the boot image (6.0.0.1055) 5) Load the package file Check the ASDM again and see if the policy apply works. Rate if it helps. Thanks,Ankita
-
Cannot access the AIP SSM via ASDM
CISCO recommendations below:
Cannot access the AIP SSM via ASDM
Problem:
This error message appears on the GUI.
Error connecting to sensor. Error Loading Sensor error
Solution:
Make sure that the IPS SSM management interface is up/down and check his IP address configured, default gateway and the subnet mask. It is the interface to access the software from Cisco Adaptive Security Device Manager (ASDM) on the local computer. Try to ping the address of management of IPS SSM IP interface on the local computer that you want to access the ASDM. If it is impossible to do a ping check the ACLs on the sensor
----------------------------------------------------------------------------------------------------------------------------------------------
I've tried everything recommended above. I can ping the host ASDM the FW and the SSM-10 module. Well, I ping the host machine and the SSM of the ASDM. I opened as wide as possible ACL. I changed the IP addresses and masks several times. The management of the ASA port and the SSM and the PC are on the same subnet.
A trace of package from the PC to the SSM shows that it is blocked by an ACL rule, and yet I opened wide. I've seen this kind of problem before and it was solved by applying the double static NAT, but I don't know how to do that if all the IP addresses are on the same subnet.
Tried everything, need help from high level.
The IDM software that comes with ASDM does not support java 1.7. The portion of the ASDM ASA supports 1.7 but launch the IPS cmdlet works only with 1.6. The TAC enginner suggested that I use the IME (IPS Manager Express) which is available for free on the Cisco's (http://www.cisco.com/en/US/products/ps9610/tsd_products_support_general_information.html) Web site.
I've been playing with it today, and so far it seems to work pretty well.
-
Problem to run the IPS of ASDM
Hi guys, I have an ASA 5520 ver 8.4 with a module AIP-SSM-40, when I finished the configuration, I can ping from ASA IPS module and the IPS module to ASA. I can ping IPS module to my PC and so on. the problem is when I try to launch the IDM (IPS tab) of the ASDM,
This error message appears on the GUI. Error connecting to the sensor. Load sensor error. I have connected the interface of management of IP addresses to a switch, the ASA is connected to the same switch, and my PC is also connected to this switch, all in the same vlan.
Can you help me on what can I do to solve it.
Thank you.
Hi Hugo,.
Please see the following link
https://supportforums.Cisco.com/thread/2092783
http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00808908d5.shtml
Kind regards
Prashant
-
I get my new home of ASA5506-X and pop of their opening, ready to set up fully, then I get the following error:
«With the current system of license will be only supports 2 interfaces fully function.» Third interface can be added but the traffic from this interface to another interface need to be blocked. »
Why have I not 8 ports on the firewall and I can't use them? Only, I get this message in the ASDM. No where in the documentation for cisco reported that there is a license limit. When I look at the NVA of show, I see "Interface physics Maximum: unlimited."
I hope that this is a bug any.
Thank you.
It looks like a bug. What ASDM version do you use?
It is certainly not a restriction of unity - even with the Base license. Reference.
-
How to change the ASA and ASDM on ASA5505 questioned once
Can anyone suggest the way to upgrade the software on the Cisco ASA5505 simultaneously both ASA and ASDM without trouble, like I just did?
Here is what happened. I copied the files asa821 - k8.bin and asdm - 621.bin for flash memory, then renamed the old versions like Oasa724 - k8.bin and Oasdm - 524.bin and then issued the command reload from the GUI of Windows.
Big mistake, I lost connectivity ASDM entirely and has been obliged to buy a USB to serial port adapter and plug the cable from port of CLI command so she can return to the unit. I found that he was running the kernel asa821 - k8.bin, as expected, but apparently the ASDM was still under the version 5.24.
Should I have created a new folder and moved the older versions of this file, then issued the command reload system and hope for the best?
I feel that I've defiled things upwards, I guess I have to use tftp to reload the boot image to get the ASA5505 back up again (using the ROMMON commands)
In fact, the only way that I was able to recover the GUI of Windows used start to asa724 image - k8.bin older command.
What is the right way to upgrade to new versions asa 8.2 (1) and asdm 6.2 (1)?
Really, I don't want to risk losing my ability to speak with this box and I spent an anxious afternoon yesterday, when I got to the pop-up message box "can not display the asdm manager."
======
After working with the CLI port, I noticed the following error:
Set of images of Manager devices, but unable to find disk0: / asdm - 524.bin
Out of config line 75, "asdm image disk0: / asdm-5...» »So apparently some configuration file must point to the correct asdm and just blindly change the files in the folder will NOT work.
========
After working more with the port of the CLI and the GUI of Windows port, I found that the 'asdm image' command did NOT work in the CLI software, but was apparently working in the GUI software, so I ran this command to tell the system to use the recent 6.21 on start.
After that and issuing the command reload of the CLI, I was able to set up successfully with the latest software of asa and asdm.
I would like to have access to CLI is valuable in this case.
I DON'T know why the command 'asdm image' appears inaccessible on the CLI port.
Any ideas?
As far as I'm concerned this problem has been resolved (using educated error)
The boot of the ASA when he tries to use the command 'system startup' file in the config. If it is not very well this file (it was not there because you renamed it), it starts the first image he will find...
However for ASDM ASA uses just the image you have. You were pointing to asdm5.2 and renamed, there was no valied ASDM image to use.
In other words you must have just changed the 'asdm image"and"system start"commands in the config and point to new files, save the configuration and restart and then it would have worked fine.
I hope it helps.
PK
-
Transfer the image to the ASDM ASA on the anyconnect VPN
I'm relatively new to the ASA firewalls. My previous experience of firewall is a firewall provider. I work with an ASA 5515 - X running ASA 915 and ASDM 713. I connect Windows 8 and therefore improve the ASDM to 731. I've done it before no problem. My problem with this particular update is that I really need to download the image to a VPN connection. I can't configure a NAT device on my end to allow the ASA to connect to my public IP address - so I can connect to the ASA via anyconnect. I can't SSH in public IP address of the ASA (for now) but I can't transfer the asdm image obviously not my public IP b/c I have no NAT on my end. So I connect my PC to the anyconnect service and get an IP VPN. I need to run the command:
copy ftp://user: [email protected] / * *//asdm-731.bin disk0:
I get the following output: for access to the ftp://user: [email protected] / * *//asdm-731.bin...
Error opening % ftp://user: [email protected] / * *//asdm-731.bin (Permission denied)Anyone know good ways to solve this CLI only?
Thanks for your help.
Zach
Looks like a FTP permission problem. The user has read access? Also, make sure that your 8 victory is tuned for FTP requests on map virtual VPN.
one of the other option is to use a host of jump in your lan behind asa and open the asdm from there, using asdm, it will be easier to copy the file to asa flash.
Maybe you are looking for
-
Where can I find a 64 bit version (official) of Firefox for windows 10?
I've been scanning the Web for a product Mozilla Firefox 64 bit, but all I can find are 5 months there are forums who say he should be released sometime in September.
-
How to answer an e-mail sent as attachment
I just got an email (an email to) asking that I have send an email previously sent (e-mail B). I would like to meet A email and as part of my answer, I want to forward e-mail B as an attachment to the email A. Could someone explain to me how this s
-
I want addons 'TransTorrent', but the site says that we exist is not here then please put it again to download
-
How can you correct in 9.2.1 iOS game Center?
I need help with Game Center to work in 9.2.1 update games running Game Center does not work and I can't go to the app itself because it just freezes. Same thing when I go into settings of anything other than the last image before I hit the icon... I
-
upgrading ram keep getting unrecognized disks check it please message of power cables
I have hp m9500y elite rinning windows 7 ultimate 64 cant upgrade ram to 8 GB to 16 gig