[HowTo] Get Cisco ASDM Working in Bookworm
Posted: 2023-11-17 17:22
Hello folks! I am in the midst of selecting a new distro, running Bookworm Live on USB right now.
One of the first things I do when trying a new distro is see if / how it is possible to access the ASDM interface on my Cisco Firewall. Typically, there are some hoops to jump through to get this to work. I have seen many methods suggested but the one that works best for me is to use a combination of 1. old version of Java, 2. icedtea-web (javaws), and 3. some tweaking of the java.security file.
I'm happy to report that this went fairly easily in Debian 12. In fact, a bit simpler than some other distros. Here's how:
1. Install icedtea-netx, which provides javaws (Note: in most other distros, you'd be looking for icedtea-web, so it took me a while to find this package).
Code:
sudo apt install icedtea-netx
2. Install nvidia-openjdk-8-jre. You will need "non-free" enabled in your sources.list to install this. This provides the older, less secure Java that ASDM needs in order to run. Current default Java (17) is too strict about outdated encryption, etc. Don't worry, your current default, modern, secure Java installation will remain the default and be used for everything else. You will only use this old version for ASDM.
Code:
sudo apt install nvidia-openjdk-8-jre
3. Run "itweb-settings", wait for the GUI to launch, then select the "JVM Settings" tab on the left and enter the path "/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre" into the "Set JVM for IcedTea-Web" field. You should see green text showing the validation results for the path you entered. Click "Apply" and then "OK".
4. Run javaws with the path to the jnlp on your Cisco device.
Code:
javaws https://192.168.x.x/admin/public/asdm.jnlp
(replace with correct IP address, obviously)
You will need to click through a couple of exception confirmation boxes (I select "always allow") and then you can also opt to have it create a launcher icon on your desktop. The Cisco ASDM login window will appear. Simply enter your credentials, click OK, and the ASDM GUI will launch.
Note: Earlier I mentioned "tweaks to the java.security file". In this case, my java.security in the "java-1.8.0-openjdk-amd64" path was empty, so I just tried to launch ASDM and it worked. On other distros, I needed to edit that file and delete "TLSv1" from the "jdk.tls.disabledAlgorithms=" section. You can ignore all this information. I just found it interesting.
I am enjoying Debian enough that it very likely will become my new distro. I hope someone finds this helpful, as I did find some old posts about ASDM in this forum.
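The java.security tweak mentioned in the note can be checked without opening the file by hand. The script below is an added example, not part of the original post: it reads jdk.tls.disabledAlgorithms from a java.security file and reports whether SSLv3, TLSv1 and TLSv1.1 are still listed, so you can confirm that the relaxed setting exists only in the Java 8 JRE used for ASDM. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the effective jdk.tls.disabledAlgorithms entries, one per line.
# Handles comment lines, backslash continuations and repeated keys (last wins).
tls_disabled_entries() {
    awk '
        buf == "" && /^[ \t]*[#!]/ { next }
        { cur = $0; if (buf != "") sub(/^[ \t]+/, "", cur); line = buf cur; buf = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }
        line ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "", line); val = line
        }
        END {
            n = split(val, e, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", e[i])
                if (e[i] != "") print e[i]
            }
        }' "$1"
}

# True only when PROTO is an exact entry: "TLSv1" must not match "TLSv1.1".
tls_proto_disabled() {
    tls_disabled_entries "$1" | grep -Fxq -- "$2"
}

# One line per legacy protocol for the given java.security file.
audit_java_security() {
    for proto in SSLv3 TLSv1 TLSv1.1; do
        if tls_proto_disabled "$1" "$proto"; then echo "$proto=disabled"; else echo "$proto=ENABLED"; fi
    done
}

# Constructed sample: a java.security where "TLSv1" was deleted from the list.
write_sample() {
    printf '%s\n' '# constructed sample' \
        'jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, \' \
        '    MD5withRSA, DH keySize < 1024' > "$1"
}

# Audit the files given as arguments, or the constructed sample if none.
if [ "$#" -eq 0 ]; then
    demo="${TMPDIR:-/tmp}/java.security.sample.$$"
    write_sample "$demo"; audit_java_security "$demo"; rm -f "$demo"
fi
for f in "$@"; do echo "== $f"; audit_java_security "$f"; done
```

Pass it the java.security of both the Java 8 JRE and your default Java; where that file sits under each JVM directory depends on the package, so locate it first. An empty file, like the one described in the note, lists nothing as disabled, so all three protocols are reported as ENABLED.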