NOTE Conveter 6.3 can now be downloaded directly from VMware!
If you try and Download VMware Converter, you will find VMware ‘pulled‘ the files because of a zero day exploit that’s associated with the software, the VMware official posting you can find here. (they are working on publishing a replacement.)
Download VMware Converter
If you are adamant you want to use this tool and accept the risks associated with doing so Download the newest version here.
Related Articles, References, Credits, or External Links
A colleague of mine was trying to connect to a firewall via ASDM last week, and was greeted by an error like this.
Now this is a pretty standard error, and usually means you haven’t been allowed access, or there isn’t a firewall at that address, but in this case I knew that a) he did have access, b) that was the correct IP address, and c) it worked fine on my machine, so it was setup correctly.
As I said above this is a pretty generic error make sure your ASDM is configured correctly. If no one else can access it then run though the article below.
I saw this very problem again today, while hardening a firewall I had disabled some SSL encryption ciphers, I had left aes256-sha1 active, and removed the others. Took me a while to realise, but if you only have one (or both), of the following ciphers enabled, ASDM won’t load;
aes-256-sha1
dhe-aes256sha1
If you have any of the following ASDM should load normally;
aes128-sha1
dhe-aes128-sha1
rc4-sha1
3des-sha1
At this point I would consider the problem ‘fixed’ and move on, but the client I’m installing the firewall for wanted some clarification as to why it would not work. “Was it a bug?” So I opened a TAC call, and did some Googling. I came across an excellent article. And found I could replicate it exactly;
Note: the Client (My machine running ASDM) offers 14 cipher sets and theres no match.
By this time I had reply from TAC
————————————–
“The ciphers depends on the client, which in this case is ASDM launcher. ASDM launcher depends on ASDM version installed, latest available launcher is 1.5(73) – ASDM 7.4.1.
I did some tests with the latest software (ciphers741.png) but AES256 was still not proposed by the launcher.
I found a bug opened back in 2012 for exactly same issue, which was closed due to inactivity. Developers mentioned there that launcher is using all the ciphers supported by Java installed on client PC.
https://tools.cisco.com/bugsearch/bug/CSCtx78540/
Please refer to:
https://en.wikipedia.org/wiki/Java_Cryptography_Extension
JCE adds additional ciphers support for a Java client.
I downloaded the JCE for Java 7
Then I copied local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (these jars were already there so I had to overwrite them).
After that I tried once again and it worked.
————————————–
OK, that seems fair enough, and Kudos to the TAC engineer who had really gone the extra mile. So I thought I’d try and replicate it on the test bench.
Then it worked fine, so I logged the results once again;
Note: We now have 23 cipher proposals from the client.
Solution 3
Java 7 Update 51
Java Version 7 update 51 (Released Jan 2014) does not play nice with the Cisco ASDM.
Note: This is NOT the case if the ASDM presents a known, trusted, (not self signed) digital certificate.
Option 1
The easiest option is simply remove Java and downgrade to Java Version 7 Update 45
OR
You can also upgrade your ASDM to version 7.1(5.100) or later, and use the Java Web Start Option.
java
OR
Create a Java site exception. Note: This DID NOT WORK for me with Java version 7 update 51 to both ASDM Versions 7.1(1) and 7.1(5.100). I only put it here for completeness, because Cisco say it’s a solution.
Related Articles, References, Credits, or External Links
Original Article Written 11/02/14
Kudos and thanks to Michal Kunikowski from Cisco TAC for his assistance.
Well there is a bug on ESX version 6.0.0 that causes this error message, in my case the client had VFMS3 volumes.
Depreciated VFMS volume(s) found on the host. Please consider upgrading volumes(s) to the latest version.
That’s what was causing the error in my case!
Solution
I chose to simply update the VFMS3 volumes to VFMS5 > Right click the volume > Upgrade to VFMS5.
Select the volume(s) > OK.
Note: The upgrade is non-destructive, and does not require you to power off any virtual machines etc. (It’s also usually very quick)
Be Aware: While upgrading a datastore to VFMS5 it still retains its original block size and restrictions. To fully appreciate the benefits of VFMS5 a better approach is to create a new VFMS5 volume, then migrate your machines into it, then delete your VFMS3 volume(s) and recreate them as VFMS5.
Related Articles, References, Credits, or External Links
So you want your own web server running WordPress? Previously in Parts One and Two, we setup a new Linux box, and got all the prerequisites installed. Now it’s time to deploy WordPress.
Solution
There are a few extra bits we need to add to the PHP installation before we setup WordPress, to get those installed run the following command;
We are going to use the /tmp directory and download wordpress into that, you don’t need to worry about what version to download because the good folk at WordPress use the same URL for the latest version and keep it updated.
[box]
cd /tmp
curl -O https://wordpress.org/latest.tar.gz
[/box]
If you didn’t already guess from the file extension, the WordPress files are compressed, we need to ‘extract’ them.
[box]tar xzvf latest.tar.gz[/box]
WordPress has a file called wp-config.php in the root of the website that we will be editing in a while, so we are going to create that file by using the ‘sample’ file provided.
And, to save you hassle, (in future) we will pre-create the folder that WordPress will need when you eventually come to upgrade it, it will also, (after we have moved it in a minute), have the correct permissions.
Now we have all the files, but they are in the WRONG PLACE, they are all sat in the /tmp directory, but we want them in the root of your website, i.e. the /var/www/html directory. So to copy them (in bulk).
[box]sudo cp -a /tmp/wordpress/. /var/www/html[/box]
You won’t see anything happen, but if you have a look in your /var/www/html directory, the files will be there.
To set the correct permissions, execute the following commands;
COPY THAT TEXT TO THE CLIPBOARD (Yours will look different to the one above!)
Now edit the wp-config.php file, when its open go the the section that ‘looks like’ the text you copied above and paste your text over the top.
[box]nano /var/www/html/wp-config.php[/box]
While you are still in the file, you need to enter the database settings you setup in Part One. Near the top of the file you will see there’s a space for database name, username and password.
Enter your settings;
Save and close the file.
Now if you browse to your website, you should see the WordPress language selection, select your language and enter the settings and logon details for your website.
You will be logged into your sites admin panel (http://your-site/wp-admin). From here you can install new themes, add new plugins, and create new posts. Your website will now be ‘live’.
You may want to consider raising the maximum upload limit before proceeding;
I had to update a Cisco PIX 515E last week, Cisco 500 firewalls are a bit thin on the ground these days, and most of my corporate clients have replaced then with Cisco ASA 5500 firewalls. So as these units are now getting retired, or moved to the test bench, or sold on ebay. I thought I’d document probably the last one I did for posterity, and to help anyone else out.
Note: Cisco 506E and 501 firewall cannot be updated past version 6.3(5) see here.
Solution
Related Articles, References, Credits, or External Links