PIX 515e asdm no work but telnet does


  • PIX 515e asdm no work but telnet does

    We have a Cisco PIX 515e firewall. Just recently I noticed that I cannot manage the device via ASDM. What I mean is that I load ASDM and it says "Cisco ASDM 5.0 for PIX will start in another window. Closing this browser window will cause Cisco ASDM to exit". Then it says the window is coming up 100%, but it never does! It does the same on 4 different PCs, all running WinXP SP3, so I know the PCs are not the problem. BUT I can telnet to the device no problem. Mind you, this never used to be a problem; I used to be able to use ASDM no problem. Any help is appreciated.

    Here is the config

    PIX Version 7.0(2)
    names
    !
    interface Ethernet0
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address (OUTSIDE GLOBAL) 255.255.255.252
    !
    interface Ethernet1
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 192.168.1.2 255.255.255.0
    !
    interface Ethernet2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet4
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Ethernet5
    shutdown
    no nameif
    no security-level
    no ip address
    !
    enable password 7/s86K5QBcz6f3/Z encrypted
    passwd WDKElLt27iNNgjxZ encrypted
    hostname PIX
    domain-name DOMAIN.DOMAIN
    ftp mode passive
    dns retries 2
    dns timeout 2
    dns domain-lookup inside
    dns name-server 192.168.0.25
    dns name-server 192.168.1.19
    dns name-server 192.168.0.24
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq www
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq https
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq pop3
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq smtp
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) 3389
    access-list out_acl extended permit icmp any any
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq 5900
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) www
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq https
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq pop3
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq 3389
    access-list out_acl extended permit tcp any host (OUTSIDE GLOBAL) eq smtp
    access-list vpn_acl extended permit ip 192.168.1.0 255.255.255.0 192.168.250.0 255.255.255.0
    access-list vpn_acl extended permit ip 192.168.253.0 255.255.255.0 192.168.250.0 255.255.255.0
    access-list vpn_acl extended permit ip 192.168.100.0 255.255.255.0 192.168.250.0 255.255.255.0
    access-list vpn_acl extended permit ip host 192.168.0.4 192.168.250.0 255.255.255.0
    access-list split_tunnel standard permit 192.168.0.0 255.255.0.0
    access-list NAME extended permit ip host 192.168.0.4 host 172.31.10.19
    access-list outside_cryptomap_dyn_21 extended permit ip any 192.168.2.0 255.255.255.192
    no pager
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    ip local pool vpn-pool 192.168.250.1-192.168.250.254
    ip local pool VPN 192.168.2.1-192.168.2.50 mask 255.255.255.0
    no failover
    monitor-interface outside
    monitor-interface inside
    asdm image flash:/asdm
    no asdm history enable
    arp timeout 14400
    global (outside) 1 (OUTSIDE GLOBAL) netmask 255.255.255.255
    nat (inside) 0 access-list vpn_acl
    nat (inside) 1 192.168.0.0 255.255.0.0
    static (inside,outside) (OUTSIDE GLOBAL) 192.168.0.16 netmask 255.255.255.255
    static (inside,outside) (OUTSIDE GLOBAL) 192.168.0.25 netmask 255.255.255.255
    static (inside,outside) (OUTSIDE GLOBAL) 192.168.1.27 netmask 255.255.255.255
    static (inside,outside) (OUTSIDE GLOBAL) 192.168.0.30 netmask 255.255.255.255
    static (inside,outside) (OUTSIDE GLOBAL) 192.168.0.29 netmask 255.255.255.255
    access-group out_acl in interface outside
    route outside 0.0.0.0 0.0.0.0 (OUTSIDE GLOBAL) 1
    route outside 172.31.10.0 255.255.255.0 172.31.10.1 1
    route inside 192.168.0.0 255.255.0.0 192.168.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    wins-server value 192.168.0.10 192.168.1.19
    dns-server value 192.168.0.10 192.168.1.19
    default-domain value DOMAIN.local
    group-policy remote-vpn internal
    group-policy remote-vpn attributes
    vpn-idle-timeout 10
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split_tunnel
    default-domain value DOMAIN.DOMAIN
    username admin password PASSWORD encrypted privilege 15
    username password PASSWORD encrypted privilege 0
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 0.0.0.0 0.0.0.0 outside
    http 192.168.1.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 inside
    snmp-server host inside 192.168.1.25 poll community Insight78kdhlj8i
    snmp-server location NAME
    snmp-server contact NAME
    snmp-server community Insight78kdhlj8i
    snmp-server enable traps snmp
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 5
    ssh version 2
    console timeout 0
    Last edited by templarvisonz; 29th December 2009, 19:12.
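
Added example, not part of the original post or of any Cisco tooling: a small offline check that reads PIX 7.x style configuration text, reports whether the ASDM-related lines seen in the posted config (`http server enable`, `asdm image`, an `http` allow rule) are present, and flags management access that is open to any source address or uses telnet. The function name `audit_management_plane` and the sample text (a constructed subset of the config above) are assumptions made for illustration.

```python
import re

# Constructed sample: the management-plane lines copied from the posted config.
SAMPLE_CONFIG = """\
asdm image flash:/asdm
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
"""

# Matches "<http|telnet|ssh> <network> <mask> <interface>" allow rules only.
MGMT_RULE = re.compile(
    r"^(http|telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit_management_plane(config_text):
    """Return (asdm_lines, findings) for a PIX 7.x style running config."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    rules = [m.groups() for m in map(MGMT_RULE.match, lines) if m]
    asdm_lines = {
        "http_server_enabled": "http server enable" in lines,
        "asdm_image_set": any(ln.startswith("asdm image ") for ln in lines),
        "http_client_allowed": any(p == "http" for p, *_ in rules),
    }
    findings = []
    for proto, net, mask, iface in rules:
        if (net, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append(f"{proto} management open to any address on {iface}")
        if proto == "telnet":
            findings.append(f"telnet (cleartext) enabled on {iface}")
    return asdm_lines, findings


if __name__ == "__main__":
    asdm_lines, findings = audit_management_plane(SAMPLE_CONFIG)
    for name, ok in asdm_lines.items():
        print(f"{'OK  ' if ok else 'MISS'} {name}")
    for finding in findings:
        print("WARN", finding)
```

On the posted config all three ASDM-related lines are present, which is consistent with the replies below looking at the client side (Java, pop-up blocker) rather than the firewall.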

  • #2
    Re: PIX 515e asdm no work but telnet does

    This used to be a Java issue with older versions of PDM and newer versions of Java.

    But check this link out; it may help:

    https://supportforums.cisco.com/docs...6513E567.node0



    • #3
      Re: PIX 515e asdm no work but telnet does

      1badco3, thank you for your input. I double-checked my Java and ASDM versions compared to ASDM version and everything checks out. So I know for a fact Java or browser 95% sure cannot be the problem.
      Any help is appreciated.



      • #4
        Re: PIX 515e asdm no work but telnet does

        Did you ever figure this out? I had similar issues that went away when I completely disabled my pop up blocker on IE. I began with poking a hole in the blocker and allowing that IP address, but it didn't work completely until I shut down the pop up blocker.
        Scott Pickles
        Systems Engineer
        VPN Systems, Inc.
        www. vpnsystems. com
        *******************
        CCNA - CCDA - BCMSN



        • #5
          Re: PIX 515e asdm no work but telnet does

          Hey Spickles,

          If you had been reading my posts, I have been busy trying to get our Exchange server back in order. This is still an issue right now, but I will try disabling the popup blocker. Thanks



          • #6
            Re: PIX 515e asdm no work but telnet does

            I had this happen to me and I simply uninstalled ASDM AND JAVA.
            Re-download and install the ASDM package from your firewall's secure HTTP site (https://<inside-ip>).
            Also go and download an OLDER version of Java... it's not recommended to use newer versions of Java; it's a known problem with how it works with ASDM.



            • #7
              Re: PIX 515e asdm no work but telnet does

              True - I want to say that as soon as Java update 7 hit we began to have problems. So stay at update 6 or below and I think you're fine with that.
              Scott Pickles
              Systems Engineer
              VPN Systems, Inc.
              www. vpnsystems. com
              *******************
              CCNA - CCDA - BCMSN

