Cisco ASA 5505 requiring older JRE for application to execute

ADiVegliaAxis · ‎02-15-2018

Good afternoon,

A coworker and I are currently experiencing some delay in replacing a Cisco ASA 5505 due to the application requiring an older version of JRE to execute. We have downloaded multiple versions of Java and experimented with commenting out specific lines in .txt files in order to help with execution but we still can't get it to run. I was hoping that instead of yanking the ASA and seeing what breaks that someone had some suggestions otherwise. Ideally, we would like to pull the rules/policies off the ASA prior to it's replacement.

Thank you!

Ben Walters · ‎02-16-2018

Depending on the version of the ASA this might not work, but its worth a try. I assume you are talking about ASDM?

We used these tricks to get ASDM working on the newest version of Java for a fairly large range of versions of ASA.

In the java settings (control panel > Java) go to General > Network Settings and change the option to Direct Connection.

Then under the Security tab add the ASA address to the Exception Site List.

Then under the Advanced tab under Advanced Security Settings, you may need to try different combinations here but for older versions I found that disabling TLS 1.2 and leaving 1.0 and 1.1 enabled usually did the trick.

Also depending on how you use certificates you may also need to add the ASA cert to the Secure Site list back under the Security > Manage Certificates.

Hopefully this gets it working for you and you won't have to worry about outdated Java versions.

Optionally, do you have physical access to the ASA? You could always console into it.