12 January 2013

Cisco ASA ASDM - Troubleshooting "Unable to launch device manager from" and "Unconnected Socket Not Implemented" errors.





Checklist - The basics:
  • Disable the Windows Firewall.
  • Clear the Java cache from Windows Control Panel - Java

Upgrade your Java version to JRE6u7.

If you get the error "Unconnected Socket Not Implemented", or the error "com.sun.deploy.net.FailedDownloadException: Can't load the object: https://X.X.X.X/admin/public/asdm.jnlp", please downgrade your Java JRE 6 from u10 to u7.

If you get the error java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 403 Forbidden, remove the proxy configuration from your browser.

Download the ASDM installer again from your asa (https://yourasaip) and run again the setup.


Reloading the appliance may fix the "1 year uptime" ASDM java bug.

 

Ping the device in order to check the connectivity

dos command:    ping 192.168.1.1
where 192.168.1.1 is your ASA inside network interface

 

Verify that http server is running on the device

cli command:    http server enable
or issue "http server enable XXX" where XXX is a custom port number

 

Verify that you can access the device via https

cli command:    http 192.168.1.0 255.255.255.0 inside
where 192.168.1.0 is your LAN network

 

Reissue the local keys (SSL Certificate)

pix cli command: ca zeroize rsa 

pix cli command: ca generate rsa key 1024 
pix cli command: ca save all

asa cli command: crypto key zeroize 
asa cli command: crypto key generate rsa general-keys


Verify the ASDM startup-config pointer

cli command:    dir
find the line listing the asdm image filename "asdm-xxx.bin"

cli command:    show run
find and compare the filename with the asdm load command "asdm image disk0:/asdm-xxx.bin"

 

Try downloading a new ASDM copy from Cisco.

Upload the new file to the ASA flash memory

Remove the old pointer issuing the command
cli command:     no asdm image disk0:/asdm-xxx.bin

Add the new filename to the configuration
cli command:    asdm image disk0:/asdm-yyy.bin


If these steps aren't useful, locate a new ASA version image and upgrade or downgrade the firewall








5 comments:

  1. I was having the same problem. And fortunately i soved that by changing the SSL encryption algorithm.

    it was:
    aes256-sha1
    and I change to
    rc4-sha1

    My ASA versions:
    Cisco Adaptive Security Appliance Software Version 9.0(2)
    Device Manager Version 7.1(2)


    Thanks

    ReplyDelete
  2. Try this:
    ciscoasa(config)# ssl encryption aes256-sha1 aes128-sha1 3des-sha1

    Enjoy!

    Jose Miguel Cabrera
    Bolivia

    ReplyDelete
  3. Wow.Great!!! It works.Thanks Bolivia

    ReplyDelete
  4. So glad i found this sollution! It really works :) Thanks!

    ReplyDelete