Cisco ASA ASDM Configuration

Cisco’s ASDM (Adaptive Security Device Manager) is the GUI that Cisco offers to configure and monitor your Cisco ASA firewall. In this lesson I’ll show you how you can enable it. First of all, make sure you have the ASDM image on the flash memory of your ASA:

ASA1(config)# show disk0:
--#--  --length--  -----date/time------  path
   10  8192        Dec 02 2014 19:09:34  log
   18  8192        Dec 02 2014 19:09:44  crypto_archive
  106  25088760    Aug 04 2014 13:59:20  asdm-731.bin
   19  8192        Dec 02 2014 19:10:00  coredumpinfo
   20  59          Dec 02 2014 19:10:00  coredumpinfo/coredump.cfg
  109  27113472    Aug 25 2014 13:10:56  asa915-k8.bin
  112  31522773    Aug 09 2014 15:01:52  anyconnect-win-3.1.03103-k9.pkg
  113  9993060     Aug 09 2014 15:06:50  anyconnect-linux-3.1.03103-k9.pkg
  114  11293375    Aug 09 2014 15:08:34  anyconnect-macosx-i386-3.1.03103-k9.pkg

255426560 bytes total (149430272 bytes free)

If you don’t have one, copy it to the flash memory before you continue. Our next step is to tell the ASA which ASDM image we want to use:

ASA1(config)# asdm image disk0:/asdm-731.bin

ASDM requires HTTP and it’s disabled by default, let’s enable it:

ASA1(config)# http server enable

Instead of giving everyone access to the HTTP server we will specify which network and interface are permitted to use the HTTP server:

ASA1(config)# http 192.168.1.0 255.255.255.0 INSIDE

This will only allow network 192.168.1.0 /24 on the inside interface to reach the HTTP server. It might be even a better idea to only allow one or two IP addresses that you use for management instead of an entire network.

Let’s continue and make a user account:

ASA1(config)# username ADMIN password PASSWORD privilege 15

That’s all we have to do on the ASA. Now you can open a web browser on your computer, I’ll be using Windows 7 and Internet Explorer for this. Open the following URL:

https://192.168.1.254

You will see the following screen:

Cisco ASA ASDM HTTPS Error

The ASA uses a self signed certificate so that’s why you see this error above. Just click on Continue to this website and you will see the following screen:

Cisco ASA ASDM Username Password

Now you can enter the username and password we created earlier. Click OK to continue and you will see the main screen:

Cisco ASA ASDM First Screen

You now have two options…you can run ASDM directly from the ASA’s flash memory or you can install it on your computer first.

ASDM requires Java so make sure you have installed it on your computer.

Let’s install it on our computer. Click “Install ASDM Launcher” to continue and your web browser will download a file:

Cisco ASA ASDM Download Launcher

Click Run and the ASM installation will start, click continue a couple of times and it will be installed. You can launch ASDM by clicking on the shortcut on your desktop and you will see this login screen:

Cisco ASA ASDM Launcher

Enter the IP address of the ASA and the username/password that we created earlier. Click on OK and you will see this:

Cisco ASA ASDM Security Warning

Once again we get an error since the ASA is using a self signed certificate. Just click on Continue and you will see the main dashboard of ASDM:

Cisco ASA ASDM Main Screen

That’s all there is to it. You can now use ASDM to configure and/or monitor your Cisco ASA firewall. If you have any questions, just leave a comment!

Tags:


Forum Replies

  1. Rene,
    Hi. I assume that it is just syntax on the ASA, but does the " http server enable" command enable http and https access or only https access?

    Many thanks,
    Thomas

  2. Hi Rene,

    <strong>"username ADMIN password PASSWORD"</strong>
    

    Why " Admin " account does not require privilege 15

    Thanks

  3. I’ll change this, it should be a privilege level 15 account.

  4. Hi Rene,

    I am pretty new to ASA world,Just wondering This would work to allow only two IPs(10&11) to access HTTPs

    Http 192.168.10.10 255.255.255.254 like a wild card mask or will it be just one line for every IP to connect via http

42 more replies! Ask a question or join the discussion by visiting our Community Forum