cannot connect to PIX Firewall via ISA Proxy server using ASDM Launcher

Cisco PIX
ISA Server 2004
PIX 525 firewall
Need assistance with ISA rules to allow ASDM Launcher (from authorized workstations) to connect to the PIX Appliance for management purposes. I can connect directly to the PIX device via traditional "telnet" (using PuTTY) functionality but can't seem to figure out why ISA is not allowing the ASDM Interface. All local browser traffic is filtered thru the ISA Proxy beforehand and standard HTTP, HTTPS, SSH, Protocols have already been established in a Policy on the ISA. The ISA Server also has same rulesets established from localhost to the PIX device as well. Just can't seem to get beyond the ISA Server. Thanks in advance.

Answer Wiki


Do you have http/https enabled on the PIX? If so, can you launch ASDM using a https connection to the inside interface of the PIX? If it starts to launch and then stops, you may need to change the version of Java that is on your PC.

On the ASDM:

If you go to Configuration -> Properties -> HTTP/HTTPS, you should be able to change the port number in there.

Discuss This Question: 2  Replies

  • RonP
    Yes, HTTP Server is enabled on the PIX. At this point, I believe the source of the problem may be with the port I'm using to start outbound HTTP sessions in my browser (I.E. 7). I just discovered all outbound browser connections are being established with the Proxy Server (ISA) on Port 8080. If I specifically add the PIX Inside Interface (IP Address) to the list of "Exceptions" in my browser, thereby avoiding the ISA entirely, the Cisco ASDM Launcher works. This tells me both the PIX and my workstation (i.e. Java components, etc) have been configured properly and no problems exist at the foundation level. So, in essence, my question really is how I can leverage the ISA Proxy Server to allow/process traffic both to the PIX interface and back to my workstation via Cisco's ASDM Interface using Port 8080? If this can't be done, then I'll continue to exclude the Proxy from these sessions in my browser. Was merely wondering if there was a workaround. Can the PIX "HTTP Server" option be configured to use a different Port once enabled on the interface??? Thx.
  • RonP
    Great..Thx..Another issue I discovered is the ISA Server is on a much lower security, and as such, static routes needed to be established to and back from the "inside interface"..Port Number Configuration info was bang on..!!
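The thread ends with two separate causes (the port the PIX HTTPS server listens on, and routing between the ISA server and the inside interface). The following is an added example, not part of the original posts: a small probe that asks the proxy for the same kind of CONNECT tunnel an HTTPS client uses and reports which layer answered. The proxy name, the PIX address and the status-code interpretations are assumptions based on generic HTTP proxy behaviour, not on ISA documentation.

```python
import socket

def parse_status_line(raw: bytes):
    """Return (status_code, reason) from the first line of a proxy reply, or (None, text)."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, f"unexpected reply: {line!r}"
    return int(parts[1]), parts[2] if len(parts) == 3 else ""

def probe_connect(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Ask an HTTP proxy for a CONNECT tunnel to the target; return (status, reason)."""
    request = (f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
               f"Host: {target_host}:{target_port}\r\n\r\n").encode("ascii")
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(request)
            buf = b""
            # Only the status line is needed, so stop at the first CRLF.
            while b"\r\n" not in buf and len(buf) < 4096:
                chunk = s.recv(1024)
                if not chunk:
                    break
                buf += chunk
    except OSError as exc:  # refused, timed out, name not resolved
        return None, f"proxy unreachable: {exc}"
    return parse_status_line(buf)

def interpret(status):
    """Map the proxy's answer to the layer to look at next (generic HTTP semantics)."""
    if status is None:
        return "no HTTP answer: check the proxy address and listener port"
    if 200 <= status < 300:
        return "tunnel opened: proxy policy and routing to the target are fine"
    if status == 407:
        return "proxy wants authentication the client did not send"
    if status in (403, 405):
        return "proxy policy refuses a tunnel to this host or port"
    if status in (502, 503, 504):
        return "proxy could not reach the target: check routing and the listening port"
    return "unclassified status: read the proxy log for this request"

if __name__ == "__main__":
    # Constructed placeholders: replace with the real proxy and PIX inside interface.
    status, reason = probe_connect("isa.example.internal", 8080, "192.0.2.1", 443)
    print(status, reason, "->", interpret(status))
```

Run it from an authorized workstation once for each candidate PIX port; a refusal points at the proxy rule set, while a gateway error points at the path between the proxy and the PIX.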
