
Showing posts with label ASDM. Show all posts

Wednesday, January 29, 2014

Cisco ASA ASDM unable to launch device manager

After upgrading to Java version 7 update 51 (build 1.7.0_51-b13) I encountered an error (among a lot of other problems and errors!): I couldn't use ASDM (7.1.5) to log in to my ASA appliance.




Apparently there are some compatibility issues between Java and ASDM. According to Cisco there are two possible solutions:

1. Use the ASDM Java Web Start to launch ASDM (note that you will first have to install the
Java JRE; link: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html)

2. Downgrade Java from 7 update 51 to 7 update 40; you can find it here:
http://www.oldapps.com/java.php?old_java=12977



Tuesday, January 14, 2014

Cisco ASA access ports



When AnyConnect is activated and you also try to access ASDM, there might be a problem accessing one of the services.

ASDM and AnyConnect both use HTTPS (SSL/TLS) on port 443, so you need to move one of them to some other port:

ASA-LAB# show run http
http server enable 7443
http server idle-timeout 60
http server session-timeout 40
http 0.0.0.0 0.0.0.0 OUTSIDE
http 192.168.100.0 255.255.255.0 INSIDE100

Here I configured ASDM to use port 7443, so when I try to connect to the ASA with
ASDM I have to enter the port number as shown here:


We can also change the AnyConnect port by configuring it under webvpn:

webvpn
 port 8080
 enable OUTSIDE
 enable INSIDE100
 anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable

Here I configured AnyConnect to use port 8080. Also note that you will have to add the port in the AnyConnect client:


Any change in the webvpn configuration will force you to shut down the service first by issuing the commands:

webvpn
 no enable OUTSIDE
 no enable INSIDE100
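
A small offline check for the two settings this post changes, written as an added example (not code from the original post or from Cisco). It reads running-config text, reports interfaces where ASDM and webvpn would share a TCP port, and flags an `http 0.0.0.0 0.0.0.0` entry that opens ASDM to any source address. The names `audit`, `PAGE_CONFIG` and `DEFAULT_CONFIG` are chosen here, and both services are assumed to default to port 443 when no port is configured.

```python
import re

DEFAULT_HTTPS = 443  # ASA default for `http server enable` and for webvpn `port`

# Lines taken from the post: ASDM moved to 7443, AnyConnect moved to 8080.
PAGE_CONFIG = """\
http server enable 7443
http server idle-timeout 60
http 0.0.0.0 0.0.0.0 OUTSIDE
http 192.168.100.0 255.255.255.0 INSIDE100
webvpn
 port 8080
 enable OUTSIDE
 enable INSIDE100
 anyconnect enable
"""
# Constructed variant: both port settings removed, so the defaults apply.
DEFAULT_CONFIG = PAGE_CONFIG.replace(" 7443", "").replace(" port 8080\n", "")

IP = r"\d+\.\d+\.\d+\.\d+"

def audit(config):
    """Return findings about ASDM/webvpn port overlap and open ASDM access lists."""
    asdm_port, asdm_acl = None, {}            # acl: interface -> [(network, mask)]
    vpn_port, vpn_ifaces = DEFAULT_HTTPS, set()
    block = None                              # name of the current top-level block
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():              # unindented line opens a new block
            block = line.split()[0]
            if m := re.fullmatch(r"http server enable(?: (\d+))?", line):
                asdm_port = int(m.group(1) or DEFAULT_HTTPS)
            elif m := re.fullmatch(rf"http ({IP}) ({IP}) (\S+)", line):
                asdm_acl.setdefault(m.group(3), []).append(m.group(1, 2))
        elif block == "webvpn":               # indented lines under `webvpn`
            if m := re.fullmatch(r"port (\d+)", line):
                vpn_port = int(m.group(1))
            elif m := re.fullmatch(r"enable (\S+)", line):
                vpn_ifaces.add(m.group(1))
    if asdm_port is None:                     # ASDM HTTPS server is not enabled
        return []
    findings = []
    for iface, nets in sorted(asdm_acl.items()):
        if iface in vpn_ifaces and asdm_port == vpn_port:
            findings.append(f"{iface}: ASDM and webvpn both on tcp/{asdm_port}")
        if ("0.0.0.0", "0.0.0.0") in nets:
            findings.append(f"{iface}: ASDM reachable from any source address")
    return findings
```

Run against the post's configuration, the port overlap is gone but the any-source entry on OUTSIDE is still reported; restricting that `http` line to a management subnet clears it.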



Wednesday, October 16, 2013

Cisco ASA ASDM install and configure



We can configure either inside or management interface.

1. Configure inside interface:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

2. Generate self-certificate:

crypto key generate rsa general-keys modulus 2048

3. Set account:

username cisco password cisco privilege 15

4. Enable HTTPS and set access:

http server enable
http 192.168.1.0 255.255.255.0 inside

5. Set SSH access:

ssh 192.168.1.0 255.255.255.0 inside

6. Set ASDM image:

asdm image disk0:/asdm-714.bin

If no ASDM file is found, download the file from cisco.com and copy it to disk0 using TFTP/FTP.

7. Configure AAA services:

user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 

8. Log in to the ASA using a web browser at the URL: https://<ASA_IP_ADDRESS>/admin
If you get a web page with the following error: (Error code: ssl_error_no_cypher_overlap), follow the instructions in the "How to obtain Cisco ASA 3DES license" section.


How to obtain Cisco ASA 3DES license

Click on Get New->IPS, Crypto, Other licenses:




Click Cisco ASA 3DES/AES License:




Enter the serial number of the ASA (can be taken from the CLI using the command show version) and click next:



Enter the relevant information and click Get License:



The license will be sent to the e-mail address you have entered.

Now log in to the ASA using the console and enter the following command with the license you have received:

ciscoasa# configure terminal
ciscoasa(config)# activation-key xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx

Then reload the appliance for the changes to take effect.