3

I've seen similar errors posted but I think mine is a little different. I'm new to Cisco, and was given an ASA 5505 to configure. I intended to do a factory reset, but ended up running an erase, which of course wiped everything out.

I've worked through formatting and putting ASA825 back on the device, and I've installed ASDM-645, and I can browse the website. I can open the https://x.x.x.x/admin landing page.

However when launching and logging in with the ASDM client, I receive a message "Unable to launch device manager from X.X.X.X"

When using the Java web start, I get: Unable to load resource: https://x.x.x.x/admin/public/asdm.jnlp.

I don't have support, but I have restarted, reloaded, repeated steps, and done everything I can think of to do. Do I have a bad bin file?

Shawn
  • What version of Java do you have? I'm also assuming you can access it via the console and through ssh.. – Rex Aug 15 '12 at 19:49
  • Silly question, but did you enable ASDM on the ASA after you installed it? – HopelessN00b Aug 15 '12 at 20:02
  • SSH works, and I've done all my configuration via console. I'm using Java 7 Update 5. – Shawn Aug 15 '12 at 20:07
  • I've run the "http server enable" command and can browse the initial ASDM landing page, it just won't connect past that. I formatted the entire thing so the only thing on disk0 is log, crypto_archive, coredumpinfo, and the asa and asdm bin files I tftp'ed. – Shawn Aug 15 '12 at 20:15
  • What do you get when you run the command "show asdm image"? Also, try going down to something prior to Java 6 Update 10. Per Hopeless, enabling http server is not the same as enabling ASDM - need to tell the ASA which ASDM image/bin to use – Rex Aug 15 '12 at 20:33
  • Progress, of sorts. I downgraded to Java 6 update 7 - Cisco ASDM-IDM Launcher says it's getting updated software and hangs at 90%. :-\ Show asdm image = Device manager file, disk0:/asdm-645-206.bin. – Shawn Aug 15 '12 at 20:58
  • You probably have a corrupted asdm file. Try checking the md5sum and if it's correct re-upload it to the asa. – resmon6 Aug 16 '12 at 13:20
  • SOLVED - erasing the drive also erased the license file. Cisco TAC was able to provide the license key for the device and everything is now working as expected. – Shawn Aug 16 '12 at 18:08

6 Answers

3

You'll need the ASA software, asa843-k8.bin, along with the corresponding ASDM software, asdm-645-106.bin. (search the Google)

You probably don't have web access, so you'll need to do this via the command line. The important portion once you've uploaded the files to the device is to set the boot and ASDM image:

!--- Command to set "asa843-k8.bin" as the boot image.

ASA5510(config)# boot system disk0:/asa843-k8.bin

!--- Command to set "asdm-645-106.bin" as the ASDM image.

ASA5510(config)# asdm image disk0:/asdm-645-106.bin
ewwhite
  • I will try to locate the files suggested. Someone here at work didn't recommend going higher than 825 because all the commands changed, so I just went with his advice. The files I am attempting to use are asa825-k8.bin and asdm-645-206.bin, which according to Cisco (http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html) should be compatible. – Shawn Aug 15 '12 at 20:31
  • There are differences in how NAT works, but they're moot if you're using the ASDM. The configurations port over just fine. – ewwhite Aug 16 '12 at 06:14
2

Get to command line on your ASA and run the following commands and check they look similar to the following:

ASA# sh run boot
boot system disk0:/asa832-k8.bin

ASA#sh run asdm
asdm image disk0:/asdm-633.bin

This shows that the ASA is configured to use compatible versions of the ASA and ASDM images.

Check which versions have loaded:

ASA#  sh bootvar
BOOT variable = disk0:/asa832-k8.bin
Current BOOT variable = disk0:/asa832-k8.bin

ASA# sh asdm image
Device Manager image file, disk0:/asdm-633.bin

These should all match what is in your config, but if they don't then you would see problems as the loaded versions of ASA and ASDM have to match.

Now you need to check what files are actually on the ASA:

ASA# sh disk
--#--  --length--  -----date/time------  path
  101  15962112    Sep 01 2010 15:21:40  asa832-k8.bin
  105  14497692    Sep 01 2010 15:23:32  asdm-633.bin

NB - you will see more files listed than this! You may see multiple versions of the ASA and ASDM files, which is ok, but can cause problems if the config isn't quite right or a file is corrupt.

If you don't have the files you expect in place, look at what is there. If there are corresponding versions of ASA and ASDM on there, update the config to use them - this will allow you to access ASDM and you can upgrade via that if necessary. If there are multiple versions, start with the oldest ones first.

Another useful troubleshooting step is to connect a console cable to the ASA, get a console session up, and watch the output when booting - the ASA will report errors during the boot process, but you won't see them if you ssh in. Many errors will result in an ASA that functions, just not as expected.

You could also view the logs, but I prefer the above, as it shows you the errors that occur during boot, as they occur.

dunxd
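
The three checks in the answer above (configured image, loaded image, file on disk) can be scripted over a captured console session. This is an added example, not part of the original answer: the function names and the sample capture are constructed, and it assumes a single boot entry and the output formats shown above.

```python
import re

# Constructed sample: CLI output in the shape shown in the answer above.
SAMPLE = """\
ASA# sh run boot
boot system disk0:/asa832-k8.bin
ASA# sh run asdm
asdm image disk0:/asdm-633.bin
ASA# sh bootvar
BOOT variable = disk0:/asa832-k8.bin
Current BOOT variable = disk0:/asa832-k8.bin
ASA# sh asdm image
Device Manager image file, disk0:/asdm-633.bin
ASA# sh disk
--#--  --length--  -----date/time------  path
  101  15962112    Sep 01 2010 15:21:40  asa832-k8.bin
  105  14497692    Sep 01 2010 15:23:32  asdm-633.bin
"""

def _first(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def audit_images(text):
    """Return a list of findings; an empty list means the three views agree."""
    # Assumption: one "boot system" entry and one image per "show" line.
    cfg_boot = _first(r"^boot system disk0:/(\S+)", text)
    cfg_asdm = _first(r"^asdm image disk0:/(\S+)", text)
    run_boot = _first(r"^Current BOOT variable = disk0:/(\S+)", text)
    run_asdm = _first(r"^Device Manager image file, disk0:/(\S+)", text)
    # "sh disk" rows: index, length, date/time, path -> {path: length}
    on_disk = {m.group(2): int(m.group(1)) for m in re.finditer(
        r"^\s*\d+\s+(\d+)\s+\w{3} \d{2} \d{4} [\d:]+\s+(\S+)\s*$", text, re.M)}
    findings = []
    for label, cfg, run in (("boot", cfg_boot, run_boot), ("asdm", cfg_asdm, run_asdm)):
        if cfg is None:
            findings.append(f"{label}: no image configured")
            continue
        if run != cfg:
            findings.append(f"{label}: configured {cfg} but loaded {run}")
        if cfg not in on_disk:
            findings.append(f"{label}: {cfg} is not on disk0")
        elif on_disk[cfg] == 0:
            findings.append(f"{label}: {cfg} is zero bytes")
    return findings

if __name__ == "__main__":
    print(audit_images(SAMPLE) or "configured, loaded and on-disk images agree")
```

An empty result only means the configuration, the loaded images and the disk listing agree; it does not check that the ASA and ASDM releases are compatible with each other or that a file is uncorrupted.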
1

If you formatted your device you need to upload the ASDM image as well as the ASA825 image. You can probably get it from your hardware dealer. Make sure you have the correct ASDM version as well, designed for your ASA release.

Jakob
1

Recent versions of Java seem to break the connection to older versions of the firmware. The recommended "fix" from Cisco is to upgrade to a newer version - which is really convenient for them since this requires an active support contract for the device in question (i.e. it costs money).

In some cases (but sadly not all!) it may help to adjust a setting in Java. Try this first:

1.) Open your Java Control Panel (for example by launching "Configure Java" in your start menu)
2.) Go to the Advanced tab
3.) Scroll down to Advanced Security Settings
4.) Locate option "Use SSL 2.0 compatible ClientHello format"
5.) Enable this option by setting the checkbox
6.) Restart your Java environment. Make sure you have ASDM closed. If in doubt, or if you have instances of ASDM hung in your Task Manager, reboot your PC.

This may in some cases solve the issue. But not for everybody (and I have no idea why to be honest).

So essentially the situation for some people may be this:

  • new versions of Java broke your ASDM management of your Cisco box
  • the "fix" according to Cisco is to purchase a support contract to get a newer version
  • or downgrade to an older version of Java (6.3) and live with the security nightmare

In my case the support contract for an older ASA 5505 is actually more expensive than throwing it in the trash and buying a new device from scratch. Go figure. So I'll be using a downgraded Java version instead.

The irony: Downgrading to an insecure version of Java is not exactly going to be ideal for people who purchased an expensive "security appliance" from Cisco in the first place.

I understand that supporting products costs money, but making it so expensive that it completely breaks common sense and becomes more expensive than a new device is just - frankly - plain stupid. I will be limping along with my current device using an old Java version, and stay well clear of Cisco devices in the future.

0

Since no one else seems to have offered the following, I will; even though it is an old post, it seems to be still helpful and active: You have enabled http/https access but you need to finish that setup by adding the IP address for your workstation to the "Management Access" list. I have found this to be the corrective action on multiple ASA5505 units for clients as well as my own.

Dennis
-1

It's not the ASA or ASDM. If you do not have a proper certificate, it will not work. Open Control Panel, Java and add the site certificate as Trusted. If you are using a temp cert, you will need to do this every time the ASA reboots.

  • Welcome to serverfault. As the original poster said in a comment, the problem was due to license, not certificate. Your answer will confuse people who come searching for similar problems. Please read the question and previous comments before submitting answers. – Tutul Feb 21 '15 at 05:49