Cisco’s ASDM (Adaptive Security Device Manager) is the GUI that Cisco offers to configure and monitor your Cisco ASA firewall. In this lesson I’ll show you how you can enable it. First of all, make sure you have the ASDM image on the flash memory of your ASA:
ASA1(config)# show disk0:
--#-- --length-- -----date/time------ path
10 8192 Dec 02 2014 19:09:34 log
18 8192 Dec 02 2014 19:09:44 crypto_archive
106 25088760 Aug 04 2014 13:59:20 asdm-731.bin
19 8192 Dec 02 2014 19:10:00 coredumpinfo
20 59 Dec 02 2014 19:10:00 coredumpinfo/coredump.cfg
109 27113472 Aug 25 2014 13:10:56 asa915-k8.bin
112 31522773 Aug 09 2014 15:01:52 anyconnect-win-3.1.03103-k9.pkg
113 9993060 Aug 09 2014 15:06:50 anyconnect-linux-3.1.03103-k9.pkg
114 11293375 Aug 09 2014 15:08:34 anyconnect-macosx-i386-3.1.03103-k9.pkg
255426560 bytes total (149430272 bytes free)
If you don’t have one, copy it to the flash memory before you continue. Our next step is to tell the ASA which ASDM image we want to use:
ASA1(config)# asdm image disk0:/asdm-731.bin
ASDM requires HTTP and it’s disabled by default, let’s enable it:
ASA1(config)# http server enable
Instead of giving everyone access to the HTTP server we will specify which network and interface are permitted to use the HTTP server:
ASA1(config)# http 192.168.1.0 255.255.255.0 INSIDE
This will only allow network 192.168.1.0 /24 on the inside interface to reach the HTTP server. It might be even a better idea to only allow one or two IP addresses that you use for management instead of an entire network.
Let’s continue and make a user account:
ASA1(config)# username ADMIN password PASSWORD privilege 15
That’s all we have to do on the ASA. Now you can open a web browser on your computer, I’ll be using Windows 7 and Internet Explorer for this. Open the following URL:
https://192.168.1.254
You will see the following screen:
The ASA uses a self signed certificate so that’s why you see this error above. Just click on Continue to this website and you will see the following screen:
Hi Joseph,
ASDM and Java can be an issue.
First of all, ASDM 603 is ancient by now. I would start by upgrading it to the latest version, see what happens then.
Rene
Hello Christopher
When you say you weren’t able to “get thru” do you mean that you were unable to connect via a web GUI to the firewall? In order to use the ASDM to configure the ASA, you must have layer 3 access. The console connection will not allow you to work with ASDM. Take a look at this Cisco documentation on how to prep an ASA to function using ASDM 7.6.
I hope this has been helpful!
Laz
HI,
... Continue reading in our forumThank you for the link. Im still kind of stuck and wondered if you can point me in the right direction please. I have a cisco 2821 router with a gig0/0 interface plugged into the cisco asa 5510 ethernet 0/0 port. I have pasted in the asa config in hopes that you might see what might be wrong. i cannot ping from the router to the asa. both are in the 192.168.2.0 subnet. i tried both straight and cross over after hearing that asa interfaces dont have the auto sensing mdix stuff. could you let me know what my issue is please.
Hello Christopher
I’m not sure why you are unable to ping. However, you can turn debugging on on the ASA and see if the ping actually reaches the device, and if so why it doesn’t respond. If there is no debug output, the ping doesn’t actually reach the device. If it does, it will tell you why/if it doesn’t respond.
As far as MDIX support, the ASA supports both crossover and straight-through cables.
Let us know your results. I hope this helps.
Laz
If you are using an older version of asa and have errors regarding
“Inside interface not recognized on Cisco ASA-5505” Refer to the reference below. Here are the commands:
Reference: https://networkengineering.stackexchange.com/questions/10461/inside-interface-not-recognized-on-cisco-asa-5505