вторник, 24 июня 2014 г.

ASDM is being blocked by Java after an upgrade to Java 7u51

Рабочий вариант решения проблемы:

Try these steps that I took and it should work with Jave 7 u51.

1. Go to the ASA IP address in IE.
2. Select Continue to website. (This is where it asks if you want to install the ASDM Launcher)
3. In the Address Bar click on "Certificate Error" then "View Certificates."
4. Go to Details tab and select "Copy to File" and export the cert to my desktop using the default DER format.
5. Open Java Control Panel and go to "Security" tab and "Manage Certificates."
6. Selected "Secure Site" in drop down box and clicked "Import."
7. Select "All Files" in drop down box, and selected the Cert that I exported from IE.


Официальное решение с сайта cisco.com (не работает):

Symptom:
After installing the Java 7 upgrade 51, ASDM cannot be launched from the browser because it is being blocked by Java due to the JAR file manifest missing the Permissions attribute.

Please note that the same problem is affecting in a Web deployment of AnyConnect. While the problem is the same, AnyConnect is a different application from ASDM and will be handled separately.

Conditions:
All versions of ASDM while Java version 7u51 is running on the client computer.

Workaround:
In order to be able to launch ASDM from the browser, upgrade to ASDM 7.1.5.100.

Since ASDM Launcher does not work with Java version 7u51 (see CSCum57517), upgrading ASDM can be done in one of the following two ways:

1. Manual upgrade via CLI:
- Download 7.1.5.100 ASDM image from cisco.com to you local computer
- Upload it to the ASA (see http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/general/admin_swconfig.html#wp1625334 on how to upload a file to the ASA)
- Issue "asdm image asdm-715100.bin" to set the new image as the ASDM image
- Issue "write mem" to save configuration

2. Add a security exception for the ASA in the Java Control Panel, so that you could launch the current ASDM image and upgrade it from within ASDM:
- Open Java Control Panel
* on Windows: Start > Control Panel > Java Control Panel
* on Mac: click on Java icon in System Preferences
- Go to the Security tab
- In the Exception Site List section at the bottom, click Edit Site List and add the ASA you want to manage with ASDM:
https://
where is the IP address of the ASA

Further Problem Description:
Please note that ASDM Launcher does not work with Java 7 update 51. The only way to launch ASDM under Java 7u51 is to use the workaround above and launch ASDM from the browser.