HTTP/asdm ACCESS TO ASA 5500 SERIES

From: Jens Petter Eikeland (jenseike@start.no)
Date: Fri Jul 28 2006 - 09:07:36 ART


Hi all.

I am trying to access the management interface/asdm on my asa using http and http.

I have made the commands needed to do this as noted in the documentation:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/mgaccess.htm

interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only

http 192.168.1.0 255.255.255.0 management
http 192.168.1.2 255.255.255.255 management

Key name: <Default-RSA-Key>
 Usage: General Purpose Key
 Modulus Size (bits): 1024
 Key Data:

username jenspe password v82wvUT9NT8CITP7 encrypted privilege 15
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL

When I try to access with http the asa is logging access denied due to acl:

Jul 28 2006 13:24:35 172.16.0.1 : %ASA-3-710003: TCP access denied by ACL from 192.168.1.2/4758 to management:192.168.1.1/80

Why? Should the config I have made not be all I need?

When I try to access with https the asa is logging (I do get the login prompt for username and password and it is stating that the user is authenticated successfully, but the connection is torn down right away):

Jul 28 2006 13:21:57 172.16.0.1 : %ASA-7-710002: TCP access permitted from 192.168.1.2/4440 to management:192.168.1.1/https
Jul 28 2006 13:21:57 172.16.0.1 : %ASA-6-611101: User authentication succeeded: Uname: jenspe
Jul 28 2006 13:21:57 172.16.0.1 : %ASA-6-605005: Login permitted from 192.168.1.2/4440 to management:192.168.1.1/https for user "jenspe"
Jul 28 2006 13:21:58 172.16.0.1 : %ASA-6-302014: Teardown TCP connection 13 for management:192.168.1.2/4440 to NP Identity Ifc:192.168.1.1/443 duration 0:00:00 bytes 1017 TCP FINs
Jul 28 2006 13:21:58 172.16.0.1 : %ASA-7-609002: Teardown local-host management:192.168.1.2 duration 0:00:00
Jul 28 2006 13:21:58 172.16.0.1 : %ASA-7-609002: Teardown local-host NP Identity Ifc:192.168.1.1 duration 0:00:00

Same thing happens with ssh.

What is happening? I am sure that I don't need an acl to do this. I even tried making an acl permitting 192.168.1.0/24 for http and https on the management interface, but that did not do it.

I am however putting up telnet access the same way, and that functions normally:

telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5

I am able to log in fine using telnet on the interface.

Please advise me what I am doing wrong.
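
Added example, not part of the original post: a short Python triage script that groups the to-the-box ASA syslog messages quoted above by client address/port, so the port-80 denial and the HTTPS login that is torn down within a second show up as two separate sessions. The log lines are five of those in the post with the mail wrapping rejoined; the function name, rule table and verdict labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the post above, with the mail client's wraps rejoined.
SAMPLE = """\
Jul 28 2006 13:24:35 172.16.0.1 : %ASA-3-710003: TCP access denied by ACL from 192.168.1.2/4758 to management:192.168.1.1/80
Jul 28 2006 13:21:57 172.16.0.1 : %ASA-7-710002: TCP access permitted from 192.168.1.2/4440 to management:192.168.1.1/https
Jul 28 2006 13:21:57 172.16.0.1 : %ASA-6-611101: User authentication succeeded: Uname: jenspe
Jul 28 2006 13:21:57 172.16.0.1 : %ASA-6-605005: Login permitted from 192.168.1.2/4440 to management:192.168.1.1/https for user "jenspe"
Jul 28 2006 13:21:58 172.16.0.1 : %ASA-6-302014: Teardown TCP connection 13 for management:192.168.1.2/4440 to NP Identity Ifc:192.168.1.1/443 duration 0:00:00 bytes 1017 TCP FINs
"""

HEAD = re.compile(r"%ASA-\d-(\d{6}): (.*)$")
ENDPOINTS = re.compile(r"from (\S+/\d+) to (\S+)")
TEARDOWN = re.compile(r"for [^:]+:(\S+/\d+) to .* duration (\S+) bytes (\d+) (.+)$")
# Message ID -> (label, pattern with client ip/port in group 1); names are hypothetical.
RULES = {"710003": ("denied", ENDPOINTS), "710002": ("permitted", ENDPOINTS),
         "605005": ("login", ENDPOINTS), "302014": ("teardown", TEARDOWN)}

def triage(text):
    """Group to-the-box events by client ip/port and label each session."""
    sessions = defaultdict(lambda: {"events": [], "target": None, "teardown": None})
    for line in text.splitlines():
        head = HEAD.search(line)
        if not head or head.group(1) not in RULES:
            continue  # e.g. 611101 has no client address to key on
        label, pattern = RULES[head.group(1)]
        m = pattern.search(head.group(2))
        if not m:
            continue
        s = sessions[m.group(1)]
        s["events"].append(label)
        if label == "teardown":
            s["teardown"] = {"duration": m.group(2), "bytes": int(m.group(3)),
                             "reason": m.group(4)}
        else:
            s["target"] = m.group(2)
    for s in sessions.values():
        if "denied" in s["events"]:
            s["verdict"] = "denied"
        elif "login" in s["events"] and s["teardown"]:
            s["verdict"] = "login-then-teardown"
        else:
            s["verdict"] = "incomplete"
    return dict(sessions)

if __name__ == "__main__":
    for client, s in triage(SAMPLE).items():
        print(client, s["verdict"], s["target"], s["teardown"])
```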


