How to run Cisco ASDM on Linux

2019-12-12

For several weeks I’ve tried to get Cisco ASDM to work in linux, to be able to configure Cisco firewalls without remote connecting to a Windows host. Sadly, and despite my many years of google-fu, I couldn’t make it. Until I found this blog post.

I had tried different versions of Java, finally landing on java 8 (OpenJDK 1.8.0_222). I was even able to get to the login dialog - but when trying to connect, it would just stop, with the following output to console:

Invoking main() with args: [/webstart, AAA.BBB.CCC.DDD]
Class-Path attribute cleared for /home/peter/.cache/icedtea-web/cache/3/https/AAA.BBB.CCC.DDD/admin/public/lzma.jar
Class-Path attribute cleared for /home/peter/.cache/icedtea-web/cache/5/https/AAA.BBB.CCC.DDD/admin/public/jploader.jar
Class-Path attribute cleared for /home/peter/.cache/icedtea-web/cache/4/https/AAA.BBB.CCC.DDD/admin/public/retroweaver-rt-2.0.jar
java.lang.ClassNotFoundException: com.sun.deploy.trace.Trace
        at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClassExt(JNLPClassLoader.java:1721)
        at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1519)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at com.cisco.launcher.i.a(Unknown Source)
        at com.cisco.launcher.i.if(Unknown Source)
        at com.cisco.launcher.i.a(Unknown Source)
        at com.cisco.launcher.s.if(Unknown Source)
        at com.cisco.launcher.Launcher.main(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:574)
        at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:936)

java.lang.ClassNotFoundException: com.sun.deploy.trace.Trace
        at net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1562)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at com.cisco.launcher.i.a(Unknown Source)
        at com.cisco.launcher.i.if(Unknown Source)
        at com.cisco.launcher.i.a(Unknown Source)
        at com.cisco.launcher.s.if(Unknown Source)
        at com.cisco.launcher.Launcher.main(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:574)
        at net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:936)
Selecting proxy for: https://AAA.BBB.CCC.DDD/admin/login_banner
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: socket://AAA.BBB.CCC.DDD:443
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: https://AAA.BBB.CCC.DDD/admin/version.prop
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: socket://AAA.BBB.CCC.DDD:443
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: https://AAA.BBB.CCC.DDD/admin/pdm.sgz
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Browser proxy option "4" (Automatic) not supported yet.
Selecting proxy for: socket://AAA.BBB.CCC.DDD:443
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: https://AAA.BBB.CCC.DDD/gadmin/pdm.sgz
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Selecting proxy for: socket://AAA.BBB.CCC.DDD:443
Browser proxy option "4" (Automatic) not supported yet.
Browser selected proxies: [DIRECT]
Selected proxies: [DIRECT]
Release shared lock on /tmp/peter/netx/locks/netx_running
Other instances of netx are running


Release shared lock on /tmp/peter/netx/locks/netx_running
No other instances of netx are running

Now, as it turns out, the reason for all this is that Cisco ASDM does not support 64 bit java!

So the remedy is so simple, yet apparently so easy to miss. Just head over to Oracle’s web site and download a tarball of 32 bit java. I downloaded the file jre-8u231-linux-i586.tar.gz. Then unpack it somewhere, for instance to /opt:

$ sudo tar xzf jre-8u231-linux-i586.tar.gz -C /opt/

Then starting Cisco ASDM is just a matter of:

$ /opt/jre1.8.0_231/bin/javaws https://AAA.BBB.CCC.DDD/admin/public/asdm.jnlp

Since I use Ubuntu with Gnome on the work laptop, I created a desktop file to be able to launch it easier. I also made a symlink to the java 32 bit dir to have a more generic name:

$ sudo ln -s /opt/jre1.8.0_231 /opt/jre32

Here’s the desktop file ~/Desktop/ASDM.desktop:

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=/home/peter/Pictures/icons/asdm.png
Name[en_US]=Cisco ASDM
Exec=/opt/jre32/bin/javaws https://AAA.BBB.CCC.DDD/admin/public/asdm.jnlp
Name=Cisco ASDM
Icon=/home/peter/Pictures/icons/asdm.png

The icon file was just created from a screenshot (with rectangular marquee over the Cisco ASDM logo).

Another tip while we’re at it: To restart Gnome without losing your session, just hit Alt+F2, type r in the dialog and hit enter!