The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes the troubleshooting process for Adaptive Security Appliance Device Manager (ASDM) configuration, authentication and other problems.
The document is part of the ASDM troubleshoot series along with these documents:
ASDM does not display any access control lists (ACL) applied to an interface, even though there is a valid access-group applied to the interface in question. The message instead reads "0 incoming rules". These symptoms are observed L3 and L2 ACL both configured in access group config for an interface:
firewall(config)# access-list 1 extended permit ip any
firewall(config)# any access-list 2 extended permit udp any any
firewall(config)# access-list 3 ethertype permit dsap bpdu
firewall(config)# access-group 3 in interface inside
firewall(config)# access-group 1 in interface inside
firewall(config)# access-group 2 in interface outside
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwj14147 “ASDM fails to load access-group config if L2 and L3 acl's are mixed.”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The hit-count entries in the ASDM are not consistent with the access-list hit counts as reported by the show access-list command on output of the firewall.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCtq38377 “ENH: ASDM should use ACL hash calc'd on the ASA and not calc'd locally” and Cisco bug ID CSCtq38405“ENH: ASA needs mechanism to provide ACL Hash info to ASD”
The “ERROR: % Invalid input detected at '^' marker.” error message is shown when editing an ACL in ASDM:
[ERROR] access-list mode manual-commit access-list mode manual-commit
^
ERROR: % Invalid input detected at '^' marker.
[OK] no access-list ACL1 line 1 extended permit tcp object my-obj-1 object my-obj-2 eq 12345
[ERROR] access-list commit access-list commit
ERROR: % Incomplete command
[ERROR] access-list mode auto-commit access-list mode auto-commit
^
ERROR: % Invalid input detected at '^' marker.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCvq05064 “Edit an entry (ACL) from ASDM gives an error. When using ASDM with OpenJRE/Oracle - version 7.12.2” and Cisco bug ID CSCvp88926 “Sending addition commands while deleting access-list”.
Note: These defects have been fixed in recent ASDM software releases. Check the defect details for more information.
The “ERROR: ACL is associated with route-map and inactive not supported, instead remove the acl” error message is shown in one of these cases:
firewall (config)# access-list pbr line 1 permit ip any host 192.0.2.1
ERROR: ACL is associated with route-map and inactive not supported, instead remove the acl
2. Edit an ACL ASDM > Configuration -> Remote Access VPN -> Network (Client) Access > Dynamic Access policy
Troubleshoot – Recommended Actions
Note: These defects have been fixed in recent ASA software releases. Check the defect details for more information.
ASDM Real-Time Log Viewer does not show logs for implicitly denied connections.
Troubleshoot – Recommended Actions
The implicit deny at the end of the access-list does not generate syslog. If you want all denied traffic to generate syslog, add rule with the log keyword at the end of the ACL.
ASDM freezes when trying to modify any network object or object-group from the Configuration > Firewall > Access Rules page under the Addresses tab. The user is not be able to edit any of the parameters in the network object window when this issue is encountered.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwj12250 “ASDM freezes when editing network objects or network object-groups”. The workaround is to disable the topN host statistics collection:
ASA(config)# no hpm topN enable
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
ASDM can show additional access control list rules for different interfaces if an interface-level access control list is modified. In this example, an incoming rule#2 was added to interface if3 ACL. ASDM also shows #2 for the interface if4, whereas this rule was not configured by the user. The command preview correctly shows a single pending change. This is a user interface display issue.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwm71434 “ASDM may display duplicate interface access-list entries”.
No logs are shown in the Real Time Log Viewer
Troubleshoot – Recommended Actions
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
References
# show run logging
logging enable
logging timestamp rfc5424
firewall(config)# no logging timestamp rfc5424
firewall(config)# logging timestamp
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The Latest ASDM Syslog Messages tab in the Home page shows the “Syslog Connection Lost” and “Syslog Connection Terminated” messages:
Troubleshoot – Recommended Actions
Ensure logging is configured. Refer to the software Cisco bug ID CSCvz15404 “ASA: Multiple context mode : ASDM logging stops, when switched to a different context”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
ASDM session abruptly terminated when switching between different contexts with the error message “The maximum number of management sessions for protocol http or user already exists. Please try again later”. These logs are shown in the syslog messages:
%ASA-3-768004: QUOTA: management session quota exceeded for http protocol: current 5, protocol limit 5
%ASA-3-768004: QUOTA: management session quota exceeded for http protocol: current 5, protocol limit 5
Troubleshoot – Recommended Actions
firewall # show resource usage resource ASDM
Resource Current Peak Limit Denied Context
ASDM 5 5 5 10 admin
Note: This defect has been fixed in recent ASA software releases. Check the defect details for more information.
# show conn all protocol tcp port 443
TCP management 192.0.2.35:55281 NP Identity Ifc 192.0.2.1:443, idle 0:00:01, bytes 33634, flags UOB
TCP management 192.0.2.36:38844 NP Identity Ifc 192.0.2.1:443, idle 0:00:08, bytes 1629669, flags UOB
# clear conn all protocol tcp port 443 address 192.0.2.35
On multi-context ASA, ASDM randomly exits/terminates with the message “ASDM received a message from the ASA device to disconnect. ASDM will now exit.”.
Troubleshoot – Recommended Actions
Refer to the software defect Cisco bug ID CSCwh04395 “ASDM application randomly exits/terminates with an alert message on multi-context setup”.
Note: This defect has been fixed in recent ASA software releases. Check the defect details for more information.
ASDM load hangs with the message “Authentication FirePOWER login”:
The Java console logs show the “Failed to connect to FirePower, continuing without it” message:
2023-05-08 16:55:10,564 [ERROR] CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:
0 [SGZ Loader: launchSgzApplet] ERROR com.cisco.pdm.headless.startup - CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:
CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing:
2023-05-08 16:55:10,657 [ERROR] CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: cpl@18c4cb75
93 [SGZ Loader: launchSgzApplet] ERROR com.cisco.pdm.headless.startup - CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: cpl@18c4cb75
CLI-PASSTHROUGH-DEBUG Inside doInitialProcessing messenger: cpl@18c4cb75
com.jidesoft.plaf.LookAndFeelFactory not loaded.
2023-05-08 17:15:31,419 [ERROR] Unable to login to DC-Lite. STATUS CODE IS 502
1220855 [SGZ Loader: launchSgzApplet] ERROR com.cisco.dmcommon.util.DMCommonEnv - Unable to login to DC-Lite. STATUS CODE IS 502
May 08, 2023 10:15:31 PM vd cx
INFO: Failed to connect to FirePower, continuing without it.
May 08, 2023 10:15:31 PM vd cx
INFO: If the FirePower is NATed, clear the cache (C:/Users/user1/.asdm/data/firepower.conf) and try again.
Env.isAsdmInHeadlessMode()-------------->false
java.lang.InterruptedException
at java.lang.Object.wait(Native Method)
To verify this symptom, enable Java console logs:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwe15164 “ASA: ASDM cannot display SFR tabs until it's "woken up" through its CLI.”. Workaround steps:
Note: This defect has been fixed in recent Firepower software releases. Check the defect details for more information.
The Firepower module configuration is unavailable on ASDM.
Troubleshoot – Recommended Actions
firewall# show module sfr details
Getting details from the Service Module, please wait...
Card Type: FirePOWER Services Software Module
Model: ASA5508
Hardware version: N/A
Serial Number: AAAABBBB1111
Firmware version: N/A
Software version: 7.0.6-236
MAC Address Range: 006b.f18e.dac6 to 006b.f18e.dac6
App. name: ASA FirePOWER
App. Status: Up
App. Status Desc: Normal Operation
App. version: 7.0.6-236
Data Plane Status: Up
Console session: Ready
Status: Up
DC addr: No DC Configured
Mgmt IP addr: 192.0.2.1
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 192.0.2.254
Mgmt web ports: 443
Mgmt TLS enabled: true
If the module is down, the sw-module module reset command can be used to reset the module and then reload the module software.
References
Java console logs show the “java.lang.ArrayIndexOutOfBoundsException: 3” error message:
LifeTime value : -1 HTTP Enable Status : nps-servers-ige
java.lang.ArrayIndexOutOfBoundsException: 3
at doz.a(doz.java:1256)
at doz.a(doz.java:935)
at doz.l(doz.java:1100)
To verify this symptom, enable Java console logs:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwi56155 “Unable to access Secure Client Profile on ASDM”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The Secure Client Profile XML profiles in ASDM Configuration > Remote Access VPN > Network (Client) Access cannot be edited on an ASA device if there is an AnyConnect image present on the disk that is older than version 4.8.
The error message “There is no profile editor plugin in your Secure Client Image on the device. Please go to Network (Client) Access > Secure Client Software and install the Secure Client Image version 2.5 or later and then try again” is shown.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwk64399 “ASDM- Unable to edit Secure Client Profile”. The workaround is to set another AnyConnect image with a lower priority.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
After making changes in ASDM Configuration > Network (Client) Access > Secure Client Profile, the images in Configuration > Network (Client) Access > Secure Client Software are missing.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwf23826 “Secure Client Software is not displayed after modifying the Secure Client Profile Editor in ASDM”. The workaround options:
Or
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The commands http server session-timeout and http server idle-timeout have no effect in multi-context mode ASA.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCtx41707 “Support for http server timeout command in multi-context mode”. The commands are configurable however the values have no effect.
The copy of dap.xml to ASA via the File Management window in ASDM fails with the error “disk0:/dap.xml is a special system file. Uploading a file the name dap.xml in disk0: is not allowed”:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCvt62162 “Cannot copy dap.xml using File Management in ASDM 7.13.1”. The workaround is to copy the file directly to the ASA using protocols like FTP or TFTP.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
ASDM does not display IKE policies and IPSEC proposals in Configurations > Site-to-Site VPN window.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwm42701 “ASDM display blank in IKE policies and IPSEC proposals tab”.
ASDM display the message “The enable password is not set. Please set it now.” after changing the enable password in the command line:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCvq42317 “ASDM prompts to change enable password after it was set on CLI”.
When adding an object group and an object host to an existing object group and after refreshening the ASDM the object group disappears from the ASDM list. The object names must start with numbers for this defect to match.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwf71723 “ASDM losing configured objects/object groups”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The AnyConnect client profiles cannot be edited for AnyConnect Profile earlier than version 4.5. The error message is “The Secure Client profile plug-in can not be accessed. Please press Refresh button on the ASDM tool bar. If this issue persists, please restart ASDM.”:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwf16947 “ASDM - Unable to load Anyconnect Profile Editor”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
In ASDM version 7.8.2, users are unable to navigate to the Edit Service Policy > Rule Actions > ASA FirePOWER Inspection tab and the error is displayed: "You have specified default inspection traffic as the traffic match criterion. Only inspect rule actions can be specified for the default inspection traffic." This occurs even when an ACL has been selected for redirection:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCvg15782 “ASDM - Unable to view modify SFR traffic redirection after upgrade to version 7.8(2)”. The workaround is to use the CLI to edit the policy-map configuration.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
These symptoms are observed for the Secure Client software version 5.1:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwh74417 “ASDM : AnyConnect Profile Editor and Group Policy cannot be loaded when using the CSC Image 5.1”. The workaround is to use lower versions of the Secure Client.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
AAA Attributes type (Radius/LDAP) are not visible in ASDM > Configuration > Remote Access VPN > Network (Client) Access > Dynamic Access Policies > Add > On AAA attribute field > Add > Select Radius or LDAP:
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwa99370 “ASDM : ASDM:DAP config missing AAA Attributes type (Radius/LDAP)” and Cisco bug ID CSCwd16386 “ASDM:DAP config missing AAA Attributes type (Radius/LDAP)”.
Note: These defects have been fixed in recent ASDM software releases. Check the defect details for more information.
The error 'Post Quantum key cannot be empty' is shown when editing the Advanced section in ASDM > Configuration > Remote Access VPN > Network (Client) Access > IPsec (IKEv2) Connection Profiles':
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwe58266 “ASDM IKev2 configuration - Post Quantum Key cannot be empty error message”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
ASDM does not display any results when using the option "where used" found by navigating to Configuration > Firewall > Objects > Network Objects/Groups and right-clicking to an Object.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwd98702 “"Where used" option in ASDM not working”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
ASDM does not display the warning message “[Network Object] cannot be deleted because it is used in the following” when deleting a network object that is referenced in a network group in Configuration > Firewall > Objects > Network Objects/Groups.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwe67056 "[Network Object] cannot be deleted because it is used in the following" warning not appearing”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
One or more of these symptoms are observed:
The user can be led to believe that ASDM prevents entities that would become empty because of the object deletion from the remaining in configuration. This is however not necessarily the case.
Troubleshoot – Recommended Actions
Refer to the software Cisco bug ID CSCwe86257 “Usability of Network Objects/Group Tab in ASDM”.
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The error shown on ASDM UI is:
Troubleshoot – Recommended Actions
This error can be seen when you have both HTTP and Webvpn Cisco Secure Client (AnyConnect) enabled on the same interface. Thus, all conditions must be met:
Example:
asa# configure terminal
asa(config)# webvpn
asa(config-webvpn)# enable outside <- default port in use (443)
and
asa(config)# http server enable <- default port in use (443)
asa(config)# http 0.0.0.0 0.0.0.0 outside <- HTTP server configured on the same interface as Webvpn
Troubleshooting Tip: Enable 'debug http 255' and you can see the conflict between ASDM and Webvpn:
ciscoasa# debug http 255
debug http enabled at level 255.
ciscoasa# ewaURLHookVCARedirect
...addr: 192.0.2.5
ewaURLHookHTTPRedirect: url = /+webvpn+/index.html
HTTP: ASDM request detected [ASDM/] for [/+webvpn+/index.html] <--------
webvpnhook: got '/+webvpn+' or '/+webvpn+/': Sending back "/+webvpn+/index.html" <-----
HTTP 200 OK (192.0.2.110)HTTP: net_handle->standalone_client [1]
webvpn_admin_user_agent: buf: ASDM/ Java/1.8.0_431
ewsStringSearch: no buffer
Close 0
As a side note, despite the login failure, the ASA syslogs show that the Authentication is successful:
asa# show logging
Oct 28 2024 07:42:44: %ASA-6-113012: AAA user authentication Successful : local database : user = user2
Oct 28 2024 07:42:44: %ASA-6-113009: AAA retrieved default group policy (DfltGrpPolicy) for user = user2
Oct 28 2024 07:42:44: %ASA-6-113008: AAA transaction status ACCEPT : user = user2
Oct 28 2024 07:42:44: %ASA-6-605005: Login permitted from 192.0.2.110/60316 to NET50:192.0.2.5/https for user "user2"
Oct 28 2024 07:42:44: %ASA-6-611101: User authentication succeeded: IP address: 192.0.2.110, Uname: user2
Workarounds
Workaround 1
Change the TCP port for either the ASA HTTP server, for example:
ciscoasa# configure terminal
ciscoasa(config)# http server enable 8443
Workaround 2
Change the TCP port for the AnyConnect/Cisco Secure Client, for example:
ciscoasa# configure terminal
ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# no enable outside <-- first you have disable WebVPN for all interfaces before changing the port
ciscoasa(config-webvpn)# port 8443
ciscoasa(config-webvpn)# enable outside
Workaround 3
An alternative workaround is to remove the "aaa authentication http console" configuration:
ciscoasa(config)# no aaa authentication http console LOCAL
In this case, you can login to ASDM by just using the enable password:
Related Defect
Cisco bug ID CSCwb67583
Add warning when webvpn and ASDM enabled on same interface
The error shown on ASDM UI is:
Troubleshoot – Recommended Steps
Check your AAA configuration on ASA and ensure that:
Reference
Sometimes you want to provide read-only access to ASDM users.
Troubleshoot – Recommended Steps
Create a new user with a custom privilege level (5), for example:
asa(config)# username [username] password [password] privilege 5
This command creates a user with a privilege level of 5, which is the "monitoring-only" level. Replace `[username]` and `[password]` with the desired username and password.
Details
Local command authorization lets you assign commands to one of 16 privilege levels (0 to 15). By default, each command is assigned either to privilege level 0 or 15. You can define each user to be at a specific privilege level, and each user can enter any command at the assigned privilege level or less. The ASA supports user privilege levels defined in the local database, a RADIUS server, or an LDAP server (if you map LDAP attributes to RADIUS attributes).
Procedure
Step 1 |
Choose Configuration > Device Management > Users/AAA > AAA Access > Authorization. |
Step 2 |
Check the Enable authorization for ASA command access > Enable check box. |
Step 3 |
Choose LOCAL from the Server Group drop-down list. |
Step 4 |
When you enable local command authorization, you have the option of manually assigning privilege levels to individual commands or groups of commands or enabling the predefined user account privileges. · Click Set ASDM Defined User Roles to use predefined user account privileges. The ASDM Defined User Roles Setup dialog box appears. Click Yes to use the predefined user account privileges: Admin (privilege level 15, with full access to all CLI commands; Read Only (privilege level 5, with read-only access); and Monitor Only (privilege level 3, with access to the Monitoring section only). · Click Configure Command Privileges to manually configure command levels. The Command Privileges Setup dialog box appears. You can view all commands by choosing All Modes from the Command Mode drop-down list, or you can choose a configuration mode to view the commands available in that mode. For example, if you choose context, you can view all commands available in context configuration mode. If a command can be entered in user EXEC or privileged EXEC mode as well as configuration mode, and the command performs different actions in each mode, you can set the privilege level for these modes separately. The Variant column displays show, clear, or cmd. You can set the privilege only for the show, clear, or configure form of the command. The configure form of the command is typically the form that causes a configuration change, either as the unmodified command (without the show or clear prefix) or as the no form. To change the level of a command, double-click it or click Edit. You can set the level between 0 and 15. You can only configure the privilege level of the main command. For example, you can configure the level of all aaa commands, but not the level of the aaa authentication command and the aaa authorization command separately. To change the level of all commands that appear, click Select All, then Edit. Click OK to accept your changes. |
Step 5 |
Click Apply. The authorization settings are assigned, and the changes are saved to the running configuration. |
Reference
Troubleshoot – Recommended Steps
At the time of this writing, ASDM does not support MFA (or 2FA). This limitation includes MFA with solutions like PingID, and so on.
Reference
Cisco Bug id CSCvs85995
ENH: ASDM access with two factor authentication or MFA
Troubleshoot – Recommended Steps
You can use LDAP, RADIUS, RSA SecurID, or TACACS+ to configure external authentication on ASDM.
References
Troubleshoot – Recommended Steps
In case you use external authentication and LOCAL authentication as a fallback the local authentication works only if your external server is down or not working. Only in this scenario the LOCAL authentication takes over and you can connect with the LOCAL users.
This is because external authentication takes precedence over LOCAL authentication.
Example:
asa(config)# aaa authentication ssh console RADIUS_AUTH LOCAL
Reference
Troubleshoot – Recommended Steps
Refer to the Cisco Bug id CSCtf23419 ENH: ASDM OTP authentication support in multi-context and transparent modes
The problem in this case is a mismatch between the ASA CLI configuration vs the ASDM UI.
Specifically, the CLI has:
tunnel-group DefaultWEBVPNGroup webvpn-attributes
authentication aaa certificate
While the ASDM UI does not mention the certificate method:
Troubleshoot – Recommended Steps
This is a cosmetic issue. The method is not showing up in ASDM, but certificate authentication is used.
The symptom is that ASDM GUI session timeout is not taken into account.
Troubleshoot – Recommended Steps
This occurs when the command "aaa authentication http console LOCAL" is not set on the managed ASA.
Refer to the Cisco Bug id CSCwj70826 ENH: add a warning: setting session timeout, requires "aaa authentication http console LOCAL"
Workaround
Configure the command ""aaa authentication http console LOCAL" on the managed ASA.
Troubleshoot – Recommended Steps
Step 1
Ensure that the configuration is in place, for example:
aaa-server ldap_server protocol ldap
aaa-server ldap_server (inside) host 192.0.2.1
ldap-base-dn OU=ldap_ou,DC=example,DC=com
ldap-scope subtree
ldap-naming-attribute cn
ldap-login-password *****
ldap-login-dn CN=example, DC=example,DC=com
server-type microsoft
asa(config)# aaa authentication http console ldap_server LOCAL
Step 2
Check the LDAP server status:
asa# show aaa-server
Good scenario:
Server status: ACTIVE, Last transaction at 11:45:23 UTC Tue Nov 19 2024
Bad scenario:
Server status: FAILED, Server disabled at 11:45:23 UTC Tue Nov 19 2024
Step 3
Check the LOCAL authentication works properly by temporarily disabling the LDAP authentication.
Step 4
On ASA run LDAP debugs and try to authenticate the user:
# debug ldap 255
In the debugs look for lines that contain hints like "Failed".
Under DAP configuration on ASDM AAA Attributes type (Radius/LDAP) are not visible only seeing = and != on dropdown:
Troubleshoot – Recommended Steps
This is a software defect tracked by Cisco Bug id CSCwa99370 ASDM:DAP config missing AAA Attributes type (Radius/LDAP)
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
The ASDM UI shows this:
While the expected UI output is:
Troubleshoot – Recommended Steps
This is a known defect:
Cisco Bug id CSCwi56155 Unable to access Secure Client Profile on ASDM
Workarounds:
Downgrade AnyConnect
or
Upgrade ASDM to version 7.20.2
Check the defect notes for more details. Additionally, you can subscribe to the defect, so you receive a notification on defect updates.
The ASDM UI shows:
"You are running a version of HostScan/SecureFirewall Posture image that does not include important security fixes. Please upgrade to the latest version. Do you still want to continue?"
Troubleshoot – Recommended Steps
This is a known defect:
Cisco Bug id CSCwc62461 When logging into ASDM pop up for hostscan - image does not include important security fixes
Note: This defect has been fixed in recent ASDM software releases. Check the defect details for more information.
Workaround:
Click 'Yes' on the pop up message box to continue.
The ASDM UI shows:
Error occurred in performing File Transfer
Error writing request body to server
Troubleshoot – Recommended Actions
This is a known defect tracked by:
Cisco Bug id CSCtf74236 ASDM "Error writing request body to server" when copying image
Workaround
Use SCP/TFTP to transfer the file.
Revision | Publish Date | Comments |
---|---|---|
2.0 |
29-Nov-2024 |
Initial Release |
1.0 |
28-Nov-2024 |
Initial Release |