Cisco ASDM Error: ASDM is unable to read the configuration from the ASA
I have recently decided to go back to dabbling a little with firewalls and one of the toasters I am playing with at the moment is the Cisco ASA 5500 series. Now I have always worked with these appliances using the CLI, however, since ASDM is out there I thought I would look into using the GUI Config tools too, no harm in knowing a bit of both now is there?
ASDM is a java applet & this presents no real problem, given that JRE is a free download from www.java.com, so I went accross to the java site, downloaded the latest version, installed it and ASDM and tried to access my ASA Appliance, enter the surprise:
Initially, I thought this had something to do with my firewall configuration so I spend a couple of hours trawling the web and every site confirmed that my http configuration on the ASA was indeed correct and there are not too many variations out there. At this point I decided to check the web for other instances of this error.
As it turns out, aparently java 6 updates are not as backward compatible as we would expect - well either that or Cisco need to do something about the coding behind ASDM - for the resolution to this problem was actually to remove JRE 6 update 11 (the current version at time of going to print) and install JRE 6 Update 6, which is conventiently available from http://java.sun.com/products/archive/
Now the reports out there say that Update 6 & 7 work fine with ASDM, where Update 10 & 11 seem to have the ability to break ASDM and cause the "ASDM is unable to read the configuration from the ASA" error to appear.
Hopefully this post helps someone out there and manages to save them the hassle I went through.
Update 01/02/2009 - Alternative Workaround:
Many thanks to Tim Braun who poked around ASDM a little and found the below work-around, allowing you to run ASDM on an old version of Java while your Computer uses the latest version.
His findings were kindly posted in the comments section and are still there for all to see.
1. Open up the ASDM Installation folder (default: C:\Program Files\Cisco Systems\ASDM)
2. Right Click the File in the folder called asdm-launcher.config & remove the Read-Only attribute
3. Edit the asdm-launcher.config file in Notepad
4. Add the below line to the Config File
javapath c:\Program Files\Java\jre1.6.0_07\bin\client\jvm.dll
5. Save the Config File & Run ASDM
Note: you will need to have had JRE 1.6 Update 7 installed prior to updating to Update 11 in order for this to work, if yours is a new installation of JRE then you need to go back, download & install the previous version (Update 7) and install that before updating in order for this workaround to work.
In my case, I couldnt be asked to go through all that effort so I just checked the java folder on my pc (C:\Program Files\Java) to see what versions were previously installed & ammended the javapath line accordingly - worked a treat.
Thanks again to Tim!
"Hopefully this post helps someone out there and manages to save them the hassle I went through."
Indeed it did! I tried to connect to my device and started to panic when the config refused to load. I had not even considered the connection (very logical in hindsight!) and would have really started to stress otherwise.
Thanks for the notice!
Thanks for the heads up on this. I was freaking out about not being able to access my ASDM. I rolled back the driver and it now works.
Glad to have managed to save you guys some time, effort & energy! I hope that you rated the article as helpful in return.
Thanks! This was the info I needed to talk to my ASA5505 again. I did a little more snooping on my machine, and found that there was a way to configure ASDM to use the 1.6.0_07 jvm. Add this line to your asdm-launcher.config file:
javapath c:\Program Files\Java\jre1.6.0_07\bin\client\jvm.dll
This allows me to launch ASDM with jre1.6.0_07, while the system default on my laptop remains 1.6.0_11.
Sometimes, you just gotta dump the strings in the executable and take a chance...
Tim,
Thank you for the comment & well done on the work around - I think this info will come in quite handy to many people out there who do not want to downgrade - in fact, I think I am going to update my java and try it out myself. If it works, bonus!
Thanks again
Johan
hey, thanks a million for the post. i had wasted several days on this when i should have googled and found your link the first time around!
Thanks for the tips. Solved my problem.
Hey, thanks very much for posting this! Big time saver! Tim Braun's comment is very helpful too. My suggestion would be to include it as part of the article (of course, giving credit to Tim). The only thing I would add to Tim's comment is to remember to uncheck the Read-only setting on the asdm-launcher.config file. I wasted a bit of time on that...
Tim Braun is the man. Worked like a champ.
Thanks for the Info and the Work Around. This was getting very annoying. Your help was a big time saver. Thanks again!
Thanks a lot.
ASDM 5.2/PIX515E
Thanks for the information Tim. Saved me a ton of time in fixing this problem.
Thanks so much Tim, works great
Man, you guys are the best! I was already deep into mucking with my firewall and AV when I decied to search. As soon as I saw this post I knew I had the Java problem - the auto-update had just run a few days earlier. You know, with all the problems I've had in the past with Java, one would think I would know better by now! I gotta figure out a way of preventing Java auto-updates.
Steve
I wish I would've started searching a lot earlier. I'm trying to set up an ASA 5510 strictly for VPN access to replace my 3005 concentrators and I couldn't get past this java issue and was about to command line everything. Glad I found this place. Thanks.
THANK YOU! You're a lifesaver!
There is an engineering special of the ASDM that resolves this issue: asdm-61557.bin
Bug ID CSCsw43498 (ASDM is not working with Java 1.6.0_11 and Vista OS)