Making Cisco ASDM work (with new stuff around it)

By | 8 July, 2015

Brand new ASA-box, trying to manage it with ASDM from an up-to-date 2012R2-server with the latest Java (version 8 update 45 in my case).

Fails with “Unable to launch device manager from <ip.ad.re.ss>”

There are a lot of posts everywhere on how to fiddle with Java-versions, adding the IP-address to Java’s trusted sites, importing the self-signed cert from the ASA etc., none of which worked for me.

The solution was simply to UNCHECK the “Use TLS 1.1” and “Use TLS 1.2” in Java’s Advanced Security Settings. I.e. only “Use TLS 1.0” should be checked.

Now, this does not “feel right” (using lower/older security settings on a security-box like the ASA), nor do I like the fact that I downgrade TLS for all other (Java-)purposes as well on this server. Ideally one should only start the particular ASDM-application with these parameters, but I didn’t really have time to read up on that.

I did do a quick test by adding “-Ddeployment.security.TLSv1.1=false” (and equivalent for v1.2) to Cisco’s run.bat but this did not seem to have any effect. If you know how to do this properly, feel free to post!
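Because the workaround changes Java's TLS settings for the whole server, it is worth being able to spot hosts that were left in that state. The following is an added example, not part of the original post or of Cisco's tooling: it audits the text of a Java `deployment.properties` file for the three TLS keys. The sample file contents are constructed, and treating a missing key as "enabled" is an assumption.

```python
# Added example: flag the ASDM TLS workaround in a Java deployment.properties file.
TLS_KEYS = {
    "deployment.security.TLSv1": "TLS 1.0",
    "deployment.security.TLSv1.1": "TLS 1.1",
    "deployment.security.TLSv1.2": "TLS 1.2",
}
ASSUMED_DEFAULT = "true"  # assumption: a key absent from the file means the box is checked

def parse_properties(text):
    """Minimal .properties reader: skips comments, splits on the first '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def tls_state(text):
    """Map each protocol name to True (enabled) or False (disabled)."""
    props = parse_properties(text)
    return {name: props.get(key, ASSUMED_DEFAULT).lower() == "true"
            for key, name in TLS_KEYS.items()}

def audit(text):
    """Return findings describing any downgrade that affects all Java deployment clients."""
    state = tls_state(text)
    findings = [f"{name} is disabled host-wide for Java"
                for name in ("TLS 1.1", "TLS 1.2") if not state[name]]
    if state["TLS 1.0"] and not (state["TLS 1.1"] or state["TLS 1.2"]):
        findings.append("only TLS 1.0 remains enabled (ASDM workaround state)")
    return findings

# Constructed sample contents, not taken from a real host.
WORKAROUND = """# constructed sample
deployment.security.TLSv1=true
deployment.security.TLSv1.1=false
deployment.security.TLSv1.2=false
"""
UNTOUCHED = "deployment.version=8\n"

if __name__ == "__main__":
    for label, sample in (("workaround", WORKAROUND), ("untouched", UNTOUCHED)):
        print(label, audit(sample) or "no TLS downgrade found")
```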
