ASDM Launcher

I recently bought the ASA 5505 but am unable to download the ASDM Launcher or VPN client software

Still with a CCO you should be able to download the VPN client, The ASDM launcher can be installed buy navigating to the ASA webpage and clicking install.

Similar Messages

ASDM Launcher doesn't work on Win7 64 bit after reinstalling Win7

Reinstalled Win7 64bit and have been unable to get the ASDM launcher to work. I can connect to multiple ASAs via HTTPS. If I install the ASDM from v6.3.4 or 6.4.5, the launcher for that specific device works fine using:
C:\Windows\SysWOW64\javaws.exe -localfile -J-Djnlp.application.href=https://<ipaddress>/admin/public/asdm.jnlp "C:\Users\rwrussell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2f5259de-112bec59"
However, the ASDM launcher which prompts you for the IP address of the node you want to connect to doesn't work. It pops up and prompts you for the address, username and password but then just hangs at "contacting the device, please wait. Sniffing the workstation's Ethernet shows that no packets are generated destined for the IP address of the ASA at all. The ASDM launcher is using the following:
Target: C:\Windows\SysWOW64\javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
Start in: "C:\Program Files (x86)\Cisco Systems\ASDM\"
The only troubles I see posted on the web are with regards to the launcher installing the target as SYSTEM32 instead of SysWOW64, but this is OK here. Java version is v7 update 9.

Well, I gave up and uninstalled Java 7 and the ASDM. After installing Java 6 update 27 and then reinstalling ASDM, it works fine again. I installed Java 7 again while leaving 6/27 installed and had the same issues. Uninstalled 7 again and everything works fine.
I really wish Cisco would write Java code that is forward and backward compatible. It seems we have this issue every few Java updates at which time Cisco will release something like ASDM v61557 or the like if they admit there is an issue at all. Performing the correct calls instead of taking proprietary shortcuts eliminates this problem with incompatible code between releases.
---RWR

ASDM Launcher hangs

ASA 5510, ASA 8.0(4), ASDM 6.1(3), ASDM Launcher 1.5(30) on Windows XP SP3. Up until a week ago this worked, this has been the management PC since I installed the ASA. Now, as of the last several days (I don't look at it every day) I run the Launcher, put in credentials, it says Loading Cached software, it says software update completed, then it hourglasses, until I gave it and close it. I've udpated its Java, its Windows updates are current; even a few recent security updates that may have to do with this. How do I go about fixing?

Thanks, I haven't dug into java stuff before. I enabled logging and tracing, and picked Show Console, in Control panel Java Advanced. I don't see the console anywhere (I saw it pop up on a different machine when i tried). In the log folder all I get so far is a jcp.trace file, looks like startup info. I t has:
basic: unique id: JavaControlPanel
basic: server port at: 2828
basic: getSingleInstanceFilename: C:\Documents and Settings\barracuda\Application Data\Sun\Java\Deployment\tmp\si\JavaControlPanel-x86_2828
basic: waiting connection
basic: recv: javaws.singleinstance.stop
basic: getSingleInstanceFilename: C:\Documents and Settings\barracuda\Application Data\Sun\Java\Deployment\tmp\si\JavaControlPanel-x86_2828
basic: getSingleInstanceFilename: C:\Documents and Settings\barracuda\Application Data\Sun\Java\Deployment\tmp\si\JavaControlPanel-x86_2828
basic: removed SingleInstanceFile: C:\Documents and Settings\barracuda\Application Data\Sun\Java\Deployment\tmp\si\JavaControlPanel-x86_2828
I don't know if I'm missing some logging, or if this is all it has to say.

ASDM Launcher starts in a small window

When I launch the ASDM, whether in JAVA or as an MSI installation, the window starts "too small". I can't see anything but the minimize and close button. (see the attached screenshot)
I am running Java v1.4.2_03. I tried the most current release of Java and it had same results, so I uninstalled it and am back on 1.4.2_03.
...any ideas?
-Kevin

Hi Eric,
It seems to be ajava compatibility issue, try installing the 32-bit java version on your 64-bit machine, and then try he asdm. One more thing, on the 64-bit, open up a browser and type the url "https:// (you should be able to access the asdm.
Hope this helps
Thanks,
Varun

CSCum57517 - ASDM launcher is not working with Java 7u51 - 1

I am running 1.7.0_51_b13 with ADSM 7.1.5(100) and I still have the issue. Bug stiill exists in the hotfix.

I was able to solve the issue by enrolling and authenticating the ASA with an internal CA, configuring internal DNS to point to the common name used in the cert, and using the hostname in ASDM (similar to harold's solution but using internal issued cert rather than external cert).

Cannot launch ASDM

Hello all,
I have ASA 8.0(2) and never run ASDM before. I just download ASDM launcher v1.3(30) but I was never able to connect to my ASA via ASDM. Can someone help?
thanks,
Gene

You need to download Jave 2 SE v1.4.2.... If you have the latest version of Java it won't work.
http://java.sun.com/j2se/1.4.2/download.html
Click on "Download J2SE JRE"
This should fix your problem.
Patrick

ASA 5505 ASDM problem

I have problem with Cisco ASA 5505 (asa844-9-k8.bin) and ASDM 7.0(2) I have Windows XP with java ver 7 17
when I click on Run ASDM, I get error Unable to launch application
com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://192.168.1.70/admin/public/asdm.jnlp
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine._downloadCacheEntry(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResourceCacheEntry(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResourceCacheEntry(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access$000(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
When I click Install ASDM launcher I get error Unable to launch devices manager from 192.168.1.70
my run, anyway that is default, I use this ASA for CCNA Security
asa1# sh run
: Saved
ASA Version 8.4(4)9
hostname asa1
domain-name brokenbyte.org
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
shutdown
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif management
security-level 0
ip address 192.168.1.70 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name brokenbyte.org
pager lines 24
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 255.255.255.255 255.255.255.255 management
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
username zeenmc password 3/spT3R67sfjIhix encrypted privilege 15
class-map inspection_default
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:559d292746bf2f88f66e9acc483a68f7
: end
Please help me, first time, maybe before a few months, I use ASDM normaly

I find what is problem, on the start, i think about that, but I don't find any older Java, I install now Java 6 44, now everything is OK

ASA 5505 unable to access ASDM ( just needs some ports ope and FWDing setup)

I was able to access the ASDM launcher in the browser yesterday   via    https://192.168.111.1/admin and I was stuck there as the browser version says that my ASA image does not work with my ASDM version...      So i tried some trouble shooting and think that i may have changed the image to an image that does not exist.     (I'm not sure where it is that I would actually place that image either)    Now i am unable to access through the browser at all.
Anyways, I am ok with SSH/CLI and have been using my firewall in this manner.   I am walking into this companies current configuration and simply need to do the following:
I need to OPEN ports 9000, 85, 40085, 49005 so that my mobile device can pull my security cameras in the office
I need to set port forwarding so that any connections that hit outside-in ip address 205.214.36.53:1610 >>> http://192.168.111.30:1610/AndroidWS/     for our new mobile CRM.
I have been through some of your related discussions and am falling short somewhere.   Please help
here is my "show run" and my "dir"
ciscoasa(config)# show run
: Saved
ASA Version 9.0(2)
hostname ciscoasa
domain-name scec.local
enable password ol40hHpZTtZQFXMJ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ol40hHpZTtZQFXMJ encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif INSIDE
security-level 100
ip address 192.168.111.1 255.255.255.0
interface Vlan2
nameif OUTSIDE
security-level 0
ip address 205.214.236.50 255.255.255.240
boot system disk0:/asa902-k8.bin
boot system disk0:/asa825-k8.bin
boot system disk0:/asa831-k8.bin
ftp mode passive
dns domain-lookup INSIDE
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 192.168.111.50
name-server 8.8.8.8
domain-name scec.local
object network LAN
subnet 192.168.111.0 255.255.255.0
object network SERVER1
host 192.168.111.50
object network SERVER1_PUBLIC
host 205.214.236.51
object network SERVER2
host 192.168.111.20
object network SERVER2_PUBLIC
host 205.214.236.52
object network SERVER3
host 192.168.111.30
object network SERVER3_PUBLIC
host 205.214.236.53
object network SERVER4
host 192.168.111.40
object network SERVER4_PUBLIC
host 205.214.236.54
object network SERVER5
host 192.168.111.10
object network SERVER5_PUBLIC
host 205.214.236.55
object-group service SERVER1_PORTS tcp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq imap4
port-object eq 3389
object-group service SERVER2_PORTS tcp
port-object eq 3389
object-group service SERVER3_PORTS tcp
port-object eq 3389
object-group service SERVER4_PORTS tcp
port-object eq 3389
object-group service SERVER5_PORTS tcp
port-object eq 3389
port-object eq www
port-object eq https
access-list OUTSIDE_IN extended deny ip 10.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 172.16.0.0 255.240.0.0 any log
access-list OUTSIDE_IN extended deny ip 192.168.0.0 255.255.0.0 any log
access-list OUTSIDE_IN extended deny ip 127.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 0.0.0.0 255.255.255.0 any log
access-list OUTSIDE_IN extended deny ip 244.0.0.0 255.255.255.240 any log
access-list OUTSIDE_IN extended deny ip host 255.255.255.255 any log
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit tcp any object SERVER1 object-group SERVER1_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER2 object-group SERVER2_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER3 object-group SERVER3_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER4 object-group SERVER4_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER5 object-group SERVER5_PORTS
access-list inside-out extended permit ip any any
pager lines 24
logging asdm informational
mtu INSIDE 1500
mtu OUTSIDE 1500
ip audit name OUTSIDE_ATTACK attack action alarm drop
ip audit name OUTSIDE_INFO info action alarm
ip audit name INSIDE_ATTACK attack action alarm drop reset
ip audit name INSIDE_INFO info action alarm
ip audit interface INSIDE INSIDE_INFO
ip audit interface OUTSIDE OUTSIDE_INFO
ip audit interface OUTSIDE OUTSIDE_ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit signature 6051 disable
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-509.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (INSIDE,OUTSIDE) source static SERVER1 SERVER1_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER2 SERVER2_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER3 SERVER3_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER4 SERVER4_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER5 SERVER5_PUBLIC
object network LAN
nat (INSIDE,OUTSIDE) dynamic interface
access-group inside-out in interface INSIDE
access-group OUTSIDE_IN in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 205.214.236.49 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL
http server enable
http 0.0.0.0 0.0.0.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
dhcpd option 3 ip 192.168.111.1
dhcpd address 192.168.111.100-192.168.111.200 INSIDE
dhcpd dns 192.168.111.50 8.8.8.8 interface INSIDE
dhcpd enable INSIDE
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username wti password OIEBfkGT1DRShCnN encrypted privilege 15
username admin password g/t7o/eHDKMomDrS encrypted privilege 15
username vpnuser password 8DcFkqJ9hi39UQw. encrypted privilege 15
username sysadmin password mi1AUI982JWkJuWt encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6dd04d2527e7929343ebd090969e18a1
: end
ciscoasa(config)# dir
Directory of disk0:/
148    -rwx 15390720     09:08:54 Jul 31 2013 asa825-k8.bin
149    -rwx 27611136     09:43:48 Oct 31 2013 asa902-k8.bin
150    -rwx 2048         00:00:00 Jan 01 1980 FSCK0000.REC
20     drwx 2048         09:12:16 Jul 31 2013 coredumpinfo
151    -rwx 16280544     09:14:46 Jul 31 2013 asdm-645.bin
10     drwx 2048         09:19:42 Jul 31 2013 log
19     drwx 2048         09:20:08 Jul 31 2013 crypto_archive
153    -rwx 14240396     14:14:18 Jun 11 2014 asdm-631.bin
154    -rwx 4096         00:00:00 Jan 01 1980 FSCK0001.REC
155    -rwx 12998641     09:20:28 Jul 31 2013 csd_3.5.2008-k9.pkg
156    drwx 2048         09:20:30 Jul 31 2013 sdesktop
157    -rwx 6487517      09:20:32 Jul 31 2013 anyconnect-macosx-i386-2.5.2014-k9.pkg
158    -rwx 6689498      09:20:36 Jul 31 2013 anyconnect-linux-2.5.2014-k9.pkg
159    -rwx 4678691      09:20:38 Jul 31 2013 anyconnect-win-2.5.2014-k9.pkg
160    -rwx 4096         00:00:00 Jan 01 1980 FSCK0002.REC
161    -rwx 4096         00:00:00 Jan 01 1980 FSCK0003.REC
162    -rwx 4096         00:00:00 Jan 01 1980 FSCK0004.REC
163    -rwx 6144         00:00:00 Jan 01 1980 FSCK0005.REC
164    -rwx 6144         00:00:00 Jan 01 1980 FSCK0006.REC
165    -rwx 6144         00:00:00 Jan 01 1980 FSCK0007.REC
166    -rwx 22528        00:00:00 Jan 01 1980 FSCK0008.REC
167    -rwx 38912        00:00:00 Jan 01 1980 FSCK0009.REC
168    -rwx 34816        00:00:00 Jan 01 1980 FSCK0010.REC
169    -rwx 43008        00:00:00 Jan 01 1980 FSCK0011.REC
170    -rwx 2048         00:00:00 Jan 01 1980 FSCK0012.REC
171    -rwx 26624        00:00:00 Jan 01 1980 FSCK0013.REC
172    -rwx 2048         00:00:00 Jan 01 1980 FSCK0014.REC
173    -rwx 26624        00:00:00 Jan 01 1980 FSCK0015.REC
174    -rwx 2048         00:00:00 Jan 01 1980 FSCK0016.REC
175    -rwx 2505         09:46:08 Oct 31 2013 8_2_5_0_startup_cfg.sav
176    -rwx 1189         09:46:12 Oct 31 2013 upgrade_startup_errors_201310310946.log
177    -rwx 100          16:42:40 Jun 10 2014 upgrade_startup_errors_201406101642.log
178    -rwx 100          14:52:26 Jun 11 2014 upgrade_startup_errors_201406111452.log
127004672 bytes total (21886976 bytes free)
Please let me know if you need any other information from me so that i can get our mobile devices to connect to the new CRM from outside the network and allow the owner access on his mobile device to the company cameras.
************** (NOTE: I can do both of these things currently from within the network without any issues)*************
THANKS

Jgreene -
This doesn't specifically answer your question, but if you want to get ASDM functionality back you need to load a newer version onto flash memory and then point the ASA to that with the configuration command:
asdm image disk0:/asdm-version.bin
You are running  ASA Version 9.0(2) so you need at least version 7 of ASDM to support that. Interestingly enough your "asdm image" statement in your config points to asdm-509.bin and you have asdm-631.bin and asdm-645.bin on flash. None of those will work. I suggest loading up asdm-721.bin and changing the asdm image statement accordingly. I am pretty sure a reboot is required after that is done.
Good Luck!
-Jeff

ASDM doesn't run from application, but runs from web browser

Not sure what the deal is.
All of our firewalls are running 8.4(7.22) and ASDM 7.2.2.
The primary campus firewall works fine when running Program Files-->ASDM launcher
Our VPN firewalls only allow access to ASDM when launched from a web browser. Attempts to connect through the ASDM application respond with "Unable to connect to x.x.x.x".

If the devices are using the default self-signed certificate dynamically generated during boot-up they could have rebooted and thus changed their certificates (which would then have to be trusted anew by Java).
To avoid this, we generally try to use persistent certificates on the ASAs.
If that's the case for your, it's a good opportunity to generate a new certificate (using a 2048-but RSA key if you don't already have one) and bind it to the interface(s) you manage from.

Use Java version 6 update 7 and ASDM 7.1.3

ASDM access to 5500 using Java was just a frustrating experience. If you manage only one device you may not notice the pain. But if you are managing multiple devices with some device 'forbidden' to update ASA firmware, it is very frustrating. I spend few days looking at the issue and came to a conclusion and decided to post to guide all newer VPN admins who will go through the same pain and hopefully we can reduce some combined wasted time. No thanks to Cisco. This is not a guide but a start point of a dicussion and all input are welcome.
Recommended Beginning Setup for New Admin :
Java Version 6 Update 7
ASDM 7.1(3)
Reason for recommendation :
a. There doesn't seem to be any recommendation to where to start your ASDM journey. So here. Start from here. Attached PDF is simple list of Java version and its release date. http://en.wikipedia.org/wiki/Java_version_history Version 6 Update 7 is unique in that it is the last version to support Win 9x. Why is that important? ASDM is written on Win 9x interface.
b. It is a very old 2008 release. So why use such an old security cesspool of a product as a base? Security of newer version of Java isn't any better. Recommendation of Java use is to not use it. Java isn't secure. '.' But Cisco is insisting on using it. Shame on Cisco and this ASDM Java debacle is a shameful thing that Cisco even now can't careless.
c. Attached is the list of release date of Java and Cisco products. ASDMS for FWSM range from 2007-2010, ASA 5500 and PIX 2007-2008, ASA 2010-2013. 2008 seems to fit quite nicely in the middle. Very scientific .
Recommendation after gaining full access
a. Update ASA and ASDM firmware to latest. ASDM 7.1.3 has same interface as much older ASDM. Kudos to Cisco on that..
b. Write to US-CERT and CC Cisco to have them remove Java on their key platform. (Android too.. <- now, there's a joke!)

UPDATE 2...
ASDM ASA management platform has a major flaw. Different version require different version of Java JRE(Runtime Environment). One would think latest version should be backward compatible. It isn't so.
So far Java Version 6 and Update 7 has been most compatible for my work. But NSP and other management console also require JRE and they unlike Cisco works well with the latest version but not with older version.
Keeping and working with multiple version of JRE is a pain because JRE does not have proper control to support that automatically. One way to accomplish launching different version of JRE instead of default is use of command-line.
In ASDM's shortcut icon properties, add version information in "target:". Find out JRE versions installed in your system under C:\Program Files (x86)\Java. Add option -version:"1.6.0_07" to specify which version to use. My example is JRE version 6 update 7.
Original line :
C:\Windows\SysWOW64\javaw.exe -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
Modified line :
C:\Windows\SysWOW64\javaw.exe -version:"1.6.0_07" -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
http://docs.oracle.com/javase/6/docs/technotes/tools/windows/java.html
#ASDM #JAVA #JRE

ASDM and Java

I seem to have all kinds of issues trying to manage my firewalls with ASDM.
We have 4 ASA5510 firewalls we manage, three running ASDM 6.4 (3) and one with ASDM 6.3(2) .
I am using a Windows 7 VM
When I go to the ASDM launcher (1.5(50)) and enter my credentials for any one of the four FWs, it hangs on the login of all four. The message is: "Contacting the device. Please wait..."
When I got to the web launch icon on the desktop, it works for the three devices running ASDM 6.4(3), but not for the device running 6.3(4).
Below is the Java console information:
platform is: 1.7
product is: 1.7.0_21
location is: http://java.sun.com/products/autodl/j2se
path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
args is: null
native platform is: Windows, x86 [ x86, 32bit ]
JavaFX runtime is: JavaFX 2.2.21 found at C:\Program Files (x86)\Java\jre7\
enabled is: true
registered is: true
system is: true
When I am in ASDM and try to connect to one of the other firewalls, I get the following message:
I get a Version Mismatch error. "Your ASA image has a version number unknown which is not supported by ASDM 6.4(3). Continue anyway?"
If I click 'yes', it gets stuck at 11%, Intializing communications modules.
Why are there so many issues getting ASDM and Java to work right? What do I need to do to have one management point that I switch between firewalls at?

Hi Carlos
an other solution is, if you have installed both versions (6 and 7) of Java, to change the properties of the launcher. Try
"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
if you have installed Java 6 in the standard folder

ASDM cannot be loaded. ver 6.1

Hi all,
Previously the ASDM on my XP Prof PC is working fine ..
But some how this 2 days. The ASDM got error and the message is as below:-
"ASDM cannot be loaded. CLick ok to exit ASDM. Unconnected sockets not implemented"
Any advise ?

Make sure you have installed correct version of java. The ASDM launcher on any host supports Java 1.4.2 and Java 1.5.0.It looks like we have Java 1.6.0 update 10 or update 7.You could check the current Java version on the host through the control panel in WINDOWS. Kindly download Java 1.5.0 and install it on the host where you get this error. You do not have to uninstall current Java to install Java 1.5.0.When you run the new Java file, new updates would be overwritten.

ASDM is unable to read the configuration from ASA.

Earlier today I was configuring the Cisco ASA (7.2(2)) using the ASDM, but after a reboot of the appliance I now get the following:
ASDM is unable to read the configuration from ASA.
This happens shortly after ?Loading running configuration from the device? appears in the ASDM status window.
I have tried restarting both the appliance and my workstation, but the issue persists. I have also tried clearing the ASDM cache, but that doesn?t help either. The issue occurs whether I used the Cisco ASDM Launcher or the web interface.
SSH access to the appliance works fine.
Thanks for any assistance (why is it that Cisco?s GUIs always have issues?!?).

I have exactly the same issue , SSH works fine but ASDM and Web interface reply with that error message "ASDM is unable to read the configuration from ASA".
My ASA is a 5520 ver 7.1(2) with ASDM 5.1(2)
Could it be something related to Java ?
Thanks for any hint.

Displaying security banner before login in ASDM

Is there a way to modify the ASDM launcher or related files to display the ASDM security banner prior to a user logging on? Or does Cisco have plans to modify or allow to change when the ASDM security banner is displayed? This is currently a requirement in NERC CIP Standard CIP-005-3 R2.6.

The correct way is to throw ALMException which is then displayed in the status box

ASDM webpage showing up, but not AnyConnect

I installed a self-signed certificate to an ASA and then followed the AnyConnect wizard in ASDM.
Here is my config now: http://pastebin.com/raw.php?i=x4HibwSq
The address "vpn.<my_domain>" points to the WAN port of the ASA.
When users open "vpn.<my_domain>" in their browser, they see the ASDM launch screen.
Shouldn't they see the AnyConnect launch screen now?

I think your section:
webvpn
enable outside
...needs to specify outside2 as the nameif outside is shutdown with no IP address.
Once that is done, if the FQDN resolves to your outside2 interface (180.70.242.6) it should work.

ASDM Launcher

Similar Messages

Maybe you are looking for