ASDM Troubleshooting. Contents. Document ID: 110282. Introduction Prerequisites



Similar documents
PIX/ASA: Upgrade a Software Image using ASDM or CLI Configuration Example

Historical Reporting Client (HRC) User Login Fails

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

Moving Exchange Message Stores and Transaction Logs to an Alternate Drive

ASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example

ASA 8.x: Renew and Install the SSL Certificate with ASDM

Unity Error Message: Your voic box is almost full

PIX/ASA 7.x with Syslog Configuration Example

Managing Software and Configurations

Troubleshoot ViewMail for Outlook Issues

Checking SQL Server or MSDE Version and Service Pack Level

FTP, IIS, and Firewall Reference and Troubleshooting

Cisco Unity Connection WAV File Issues

Troubleshooting CallManager Problems with Windows NT and Internet Information Server (IIS)

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

ASA 8.X: Routing SSL VPN Traffic through Tunneled Default Gateway Configuration Example

Connecting to the Firewall Services Module and Managing the Configuration

Fixing Problems with IP Phone Services

CRS 4.x: Automatic Work and Wrap up Time Configuration Example

McAfee SMC Installation Guide 5.7. Security Management Center

Installation Guide for Pulse on Windows Server 2008R2

Configure Backup Server for Cisco Unified Communications Manager

Cisco QuickVPN Installation Tips for Windows Operating Systems

ASA/PIX: Allow Split Tunneling for VPN Clients on the ASA Configuration Example

Cisco Unified Communications Manager 7.x/8.x: Troubleshoot Backup Issue

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Installation Guide for Pulse on Windows Server 2012

VMware Horizon FLEX User Guide

Lab a Configure Remote Access Using Cisco Easy VPN

Configuring Cisco CallManager IP Phones to Work With IP Phone Agent

SSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.

AnyConnect VPN Client FAQ

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

ProSystem fx Document

Workspot Configuration Guide for the Cisco Adaptive Security Appliance

MITA End-User VPN Troubleshooting Guide

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

CUCM 6.x/7.x/8.x: Bulk Administration Tool (BAT) Errors

Practice Fusion API Client Installation Guide for Windows

Installing and Configuring vcenter Multi-Hypervisor Manager

Network Connect Installation and Usage Guide

2 Downloading Access Manager 3.1 SP4 IR1

FileMaker Server 14. FileMaker Server Help

vcenter Chargeback User s Guide vcenter Chargeback 1.0 EN

Microsoft Dynamics GP Release

VMware vcenter Support Assistant 5.1.1

Upgrade Guide BES12. Version 12.1

Configuring Trend Micro Content Security

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

NovaBACKUP Central Management Console

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Database Replication Error in Cisco Unified Communication Manager

Rebasoft Auditor Quick Start Guide

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

QUANTIFY INSTALLATION GUIDE

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Avalanche Remote Control User Guide. Version 4.1.3

Enterprise Manager. Version 6.2. Installation Guide

SonicOS Enhanced Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

Agents Not Displayed on Cisco Supervisor Desktop

Paxera Uploader Basic Troubleshooting

VoIP Infrastructure Upgrade Desktop. User Group March 2014

Symantec LiveUpdate Administrator. Getting Started Guide

Stealth OpenVPN and SSH Tunneling Over HTTPS

How to Uninstall Manually and Upgrade the Cisco VPN Client 3.5 and Later for Windows 2000, Windows XP and Windows Vista

Configuring Basic Settings

User Management Tool 1.5

User Management Tool 1.6

Scenario: IPsec Remote-Access VPN Configuration

Contents. Platform Compatibility. Known Issues

Error Code Quick Reference Guide Updated 01/28/2015

NSi Mobile Installation Guide. Version 6.2

Installation Instruction STATISTICA Enterprise Server

Secure Messaging Server Console... 2

Aventail Connect Client with Smart Tunneling

Avalanche Site Edition

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

FileMaker Server 15. Getting Started Guide

Release Date May 10, Adeptia Inc. 443 North Clark Ave, Suite 350 Chicago, IL 60654, USA

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

JAMF Software Server Installation Guide for Windows. Version 8.6

Receiver Updater for Windows 4.0 and 3.x

Infinity Web Viewer Reference Guide

Clientless SSL VPN Users

MultiSite Manager. Setup Guide

Integrated Virtual Debugger for Visual Studio Developer s Guide VMware Workstation 8.0

Re-associating.ica file extension on Vista/Windows 7 machines

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Installation Guide: Delta Module Manager Launcher

Configuring NetFlow Secure Event Logging (NSEL)

EM Single Sign On 1.2 (1018)

Configuring Basic Settings

Configuring Logging. Information About Logging CHAPTER

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

new Business Online Technical Troubleshooting Guide

Installation Notes for Outpost Network Security (ONS) version 3.2

Troubleshooting Guide. 2.2 Click the Tools menu on Windows Explorer 2.3 Click Folder Options. This will open a dialog box:

Transcription:

ASDM Troubleshooting Document ID: 110282 Contents Introduction Prerequisites Requirements Components Used Conventions Problem: You are Authorized to Access Only Home and Monitoring Views Problem: Your Firewall Image has a Version Number Null which is not Supported by ASDM 1 2 3 4 Problem: Using a 64 bit Java Version on Windows causes ASDM Launcher to Fail and the Launcher does not Run Problem: %ASA 7 725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher Problem: Unable to Launch Device Manager from ip address/hostname Problem: When 'http 0 0 outside' is configured, the 'Could not start admin' Error Message is Displayed Problem: Exception in thread "SGZ Loader: launchsgzapplet" java.lang.numberformatexception: For input string: "1 year 0" Problem: ASDM Cannot be loaded. Click Ok to exit ASDM. Unexpected end of file from server. Problem: Error ASDM is unable to read the configuration file Problem: Unable to Reset the VPN Tunnel using ASDM Problem: Unable to load the DLL "C:\Program Files\Java\jre6\bin\client\jvm.dll" Problem: Unable to view access list hit count entry on ASDM Problem: Unable to access ASDM when SSL encryption level is set to AES256 SHA1 Problem: ASA network objects get deleted when using ASDM version 6.4.5 Problem: Error ASDM cannot be loaded. Unconnected sockets not implemented. Problem: Performance issues when ASDM configuration size exceeds 512 kb on Windows Problem: Error received when accessing the IPS functionality tab in ASDM 6.2

Related Information Introduction This document provides information about an error message in the Cisco Adaptive Security Device Manager (ASDM). This video posted to the Cisco Support Community demonstrates how to troubleshoot a few of the common ASDM access issues: Prerequisites Requirements There are no specific requirements for this document. Components Used The information in this document is based on Cisco ASDM 5.0 and later. The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Conventions Refer to Cisco Technical Tips Conventions for more information on document conventions. Problem: You are Authorized to Access Only Home and Monitoring Views If you click the Configuration tab in the ASDM, you might recieve this error message: "you are authorized to access only Home and Monitoring Views".

The error occurs due to the user privilege. Go to the PIX/ASA CLI prompt, and create the new user and password with full privilege 15 as shown here: ASA(config)#username cisco password cisco123 priv 15 The full privilege level allows you to log into the ASDM. Problem: Your Firewall Image has a Version Number Null which is not Supported by ASDM When you try to run the ASDM interface, the Your Firewall image has a version number null which is not support by ASDM error may be received. The same error on the FWSM appears as: Your FWSM image has a version number unknown which is not supported by ASDM This error is caused by one of these reasons: No ASDM image in the flash No aaa related configuration for ASDM access through http Incompatible Java version 1 Verify whether or not the compatible ASDM image exists in the flash, and then specify the location of the image: 2 ASA(config)#show asdm image ASA(config)#asdm image flash:asdm XXX.bin Enter the aaa command for ASDM access through http: 3 ASA(config)#aaa authentication http console <server tag> LOCAL Verify whether or not the Java version is compatible. Then upgrade/downgrade the Java version accordingly and install the JRE. 4 If you attempt to access the ASDM over a VPN connection, make sure the management access <ASDM access Interface name> command is configured on the ASA. For example, if the ASDM is accessed using the inside interface, then use the management access Inside command.

Problem: Using a 64 bit Java Version on Windows causes ASDM Launcher to Fail and the Launcher does not Run When you use a 64 bit Java version on Windows, it causes the ASDM Launcher to fail and the launcher does not run. This issue is documented in Cisco bug ID CSCtb86774 (registered customers only). The workaround is to run the ASDM using the web browser. Problem: %ASA 7 725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher This log displays when you try to load ASDM (which fails to load): %ASA 7 725014: SSL lib error. Function: SSL3_GET_CLIENT_HELLO Reason: no shared cipher In order to resolve this issue, use an alternate or additional encryption alogorithm and use the ssl encryption command: ASA(config)# ssl encryption rc4 sha1 ASA(config)# ssl encryption rc4 md5 Problem: Unable to Launch Device Manager from ip address/hostname This error message displays when you access the ASDM: In order to resolve this issue, check if a compatible ASDM image is on the flash or not: ASA#show asdm image

Problem: When 'http 0 0 outside' is configured, the 'Could not start admin' Error Message is Displayed This problem is caused by Cisco bug ID CSCsm39805 (registered customers only). As a result, ASDM cannot be launched. In order to resolve this issue, access the ASA through the CLI, and assign the http server to listen on a different port. Example 1: Example 2: ASA(config)#no http server enable ASA(config)#http server enable 444 ASA(config)#no http server enable 8923 ASA(config)#http server enable 8924 Problem: Exception in thread "SGZ Loader: launchsgzapplet" java.lang.numberformatexception: For input string: "1 year 0" This problem is caused by Cisco bug ID CSCsr89144 (registered customers only) in ASA running for more than one year with ASDM 6.0.3 or 6.1. As a result, ASDM cannot be launched. This error can be resolved by reloading the ASA. Problem: ASDM Cannot be loaded. Click Ok to exit ASDM. Unexpected end of file from server. This problem occurs when a user tries to connect to the ASA using ASDM. Reload the ASA. Problem: Error ASDM is unable to read the configuration file This problem is caused by Cisco bug ID CSCsx39786 (registered customers only) in ASA running with ASA 7.2.4 and ASDM 5.2.4. As a result, ASDM cannot be launched.

Downgrade to Java 6 Update 7. Problem: Unable to Reset the VPN Tunnel using ASDM The user is unable to reset the VPN Tunnel using ASDM. Select Monitoring > VPN > VPN statistics > VPN session and choose active tunnel and log off in order to reset the tunnel. Problem: Unable to load the DLL "C:\Program Files\Java\jre6\bin\client\jvm.dll" Not able to start ASDM because of the Java version mismatch. In order to avoid this error, perform these steps: 1. Downgrade the Java version to Version 6, Update 7. 2. Edit the adsm launcher config file and modify the Java path to the folder that contained the jvm.dll. Problem: Unable to view access list hit count entry on ASDM The Hit Counter of ASDM does not display a value, including zero (0). ASDM always sends a request for all ACLs in one HTTP server request string to the FWSM. The FWSM device is unable to handle the super long request to its HTTPS server from the ASDM, runs out of buffer space, and finally drops the request. When you have too many access lists, the request from ASDM to the FWSM becomes too long for the FWSM to process. As a result, it does not get the correct response. This is an expected behavior with the functionality of ASDM and the FWSM. Bugs CSCta01974 (registered customers only) and CSCsz14320 (registered customers only) have been filed to address this behavior with no known workaround. A temporary workaround is to use the CLI to monitor the ACL hits. There are several other bugs filed to address this issue which are superseded by another bug, CSCsl15055 (registered customers only). This bug shows that the issue is fixed in 6.1(1.54). For the FWSM, the fixed ASDM version is 6.2.1F. The issue has been fixed by tweaking how the ASDM queries the FWSM for the ACL information. Instead of sending one big, long request string that contains all the access list information, the ASDM now splits them into multiple meaningful requests and sends to the FWSM for processing. Note: The access list hit count entry on the FWSM is supported from version 4.0 onwards.

Problem: Unable to access ASDM when SSL encryption level is set to AES256 SHA1 User is unable to access ASDM when SSL encryption level is set to AES256 SHA1 on the PC. This issue occurs when the command ssl encryption rc4 sha1 aes128 sha1 aes256 sha1 3des sha1 is used which sets encryption level to AES256 SHA1. The issue can be resolved by either removing this command or by installing the JCE version of Java so that the PC becomes AES 256 compatible. Problem: ASA network objects get deleted when using ASDM version 6.4.5 While editing an existing network object using ASDM version 6.4.5, the object disappears from the list of all objects when you click OK. Downgrade to ASDM version 6.2.4 in order to resolve this issue. Problem: Error ASDM cannot be loaded. Unconnected sockets not implemented. The user receives the ASDM cannot be loaded. Unconnected sockets not implemented. error message when accessing the ASDM. This error message is the result of an incompatibility between the ASDM version and Java version, and is logged in Cisco bug ID CSCsv12681 (registered customers only). In order to resolve this issue, try one of these methods: Upgrade the ASDM to version 6.2 or later. Specify the Java version as Java 6 Update 7. Problem: Performance issues when ASDM configuration size exceeds 512 kb on Windows Performance issues seen on ASDM when the configuration exceeds 512 kb on a Windows machine. ASDM supports a maximum configuration size of 512 kb. If you exceed this amount, you may experience performance issues. For example, when you load the configuration, the status dialog shows the percentage of the configuration that is complete. However, with large configurations, it stops incrementing and appears to suspend operation, even though ASDM might still be processing the configuration. If this situation occurs, we recommend that you consider increasing the ASDM system heap memory.

In order to increase the ASDM heap memory size, modify the launcher shortcut. Complete these steps: 1. Right click the shortcut for the ASDM IDM Launcher, and choose Properties. 2. Click the Shortcut tab. 3. In the Target field, change the argument prefixed with Xmx in order to specify your desired heap size. For example, change it to Xmx768m for 768 MB or Xmx1g for 1 GB. For more information about this parameter, refer to the Xmx topic in this Oracle document. Note: This solution applies only to Windows PCs. Problem: Error received when accessing the IPS functionality tab in ASDM 6.2 After the upgrade to Java 1.6.0_18, ASDM 6.2 generates this error: Your current Java memory heap size is less than 512 MB. You must increase the Java memory heap size before accessing IPS functionality In order to resolve this issue, you need to increase the memory specification to 512 MB: Use the ASDM launcher on Windows: For ASDM versions lesser then/equal to 6.2 Right click the ASDM launcher icon on the desktop and change the target string value from Xmx256m to Xmx512m. For ASDM versions greater than 6.2 Go to file C:\Program Files\Cisco Systems\ASDM\asdm launcher.config and update string Xmx256m to Xmx512m. Use the Run ASDM option on Windows/Linux: When the Run ASDM option is selected, you will receive an option to download the asdm.jnlp file or bring up the ASDM using Java webstart. After you download the asdm.jnlp file, edit it in order to change the "max heap size" value from 256m to 512m. Then, bring up the asdm.jnlp file with Java webstart in order to bring up ASDM. Refer to Cisco bug ID CSCtf21045 (registered customers only) for more information. Related Information Cisco Adaptive Security Device Manager Product Support Cisco ASA 5500 Series Adaptive Security Appliances Product Support Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2012 2013 Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc. Updated: Jun 20, 2012 Document ID: 110282

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information