Cisco ASA ASDM Configuration


Rene,
Hi. I assume that it is just syntax on the ASA, but does the "http server enable" command enable HTTP and HTTPS access or only HTTPS access?

Many thanks,
Thomas

Hi Thomas,

It only enables HTTPS.

Rene


Hi Rene,

"username ADMIN password PASSWORD"

Why does the "Admin" account not require privilege 15?

Thanks

I’ll change this, it should be a privilege level 15 account.

Hi Rene,

I am pretty new to the ASA world. Just wondering whether this would work to allow only two IPs (10 & 11) to access HTTPS:

http 192.168.10.10 255.255.255.254, like a wildcard mask, or will it be just one line for every IP to connect via HTTP?

Hi Asi,

This should work but in this case, I think I would prefer two separate lines since it’s easier to read.

Rene


Thanks Rene,

I think I will be a pain through the course. Apologies in advance; some of my questions might be silly.

Hi Asi,

That’s no problem, let me know if you have difficulty understanding some of the topics.

Rene

Hi Rene,

My idea was to allow only the Mgmt VLAN to have access to HTTP and SSH.

The moment I type in

config t

ssh 192.168.10.0 255.255.255.0 => it logs back "Inconsistent mask".

But when I apply

config t

ssh 192.168.10.1 255.255.255.255 -> the ASA likes it.

My understanding of using the subnet mask to define the condition for various purposes comes from access-lists (like 0.0.0.255, where 0 has to be the same and 255 can be any value) and from routing protocols (router rip, network 192.168.10.1 0.0.0.0, where 0.0.0.0 specifies send/receive hellos and advertise the network from this interface only).

How is it possible to use 255.255.255.255 to indicate that only a single host IP can access SSH or HTTP?

Please advise.

Hi Asi,

That is strange as it’s a valid network and subnet mask. You sure you didn’t make any typos?

ASA(config)# ssh 192.168.1.0 255.255.255.0 INSIDE

This allows the entire 192.168.1.0/24 network to access the ASA on the inside, if you want a single host you can use this:

ASA(config)# ssh 192.168.1.1 255.255.255.255 INSIDE

The difference between the ASA and a Cisco IOS router is that the ASA uses subnet masks everywhere. On the Cisco IOS routers, we use wildcard bits for access-lists and for network statements in EIGRP/OSPF.

Rene

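The subnet-mask versus wildcard point from the posts above, as an added example that is not part of the original thread: a small audit helper that reads `ssh`/`http` management-access lines, treats the mask as a subnet mask (as Rene describes for the ASA) and reports which source addresses each line permits. The function names and the sample lines are assumptions built from the addresses quoted in the thread; the script does not reproduce the ASA's own validation or error messages.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def classify_mask(mask: str):
    """Return ("subnet", prefix), ("wildcard", prefix) or ("invalid", None)."""
    m = int(ipaddress.IPv4Address(mask))
    inv = m ^ ALL_ONES
    if inv & (inv + 1) == 0:      # ones then zeros: a subnet mask
        return "subnet", 32 - inv.bit_length()
    if m & (m + 1) == 0:          # zeros then ones: IOS-style wildcard bits
        return "wildcard", 32 - m.bit_length()
    return "invalid", None

def audit_rule(line: str) -> dict:
    """Audit one `ssh|http <address> <mask> [interface]` line (hypothetical helper)."""
    service, address, mask, *_ = line.split()
    kind, prefix = classify_mask(mask)
    result = {"service": service.lower(), "mask_kind": kind,
              "permits": None, "count": 0, "note": ""}
    if kind == "invalid":
        result["note"] = "mask bits are not contiguous"
        return result
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    if kind == "wildcard":
        result["note"] = f"looks like a wildcard; the subnet-mask form is {net.netmask}"
        return result
    # Range of source addresses the line covers when read as a subnet mask.
    result["permits"] = f"{net[0]}-{net[-1]}"
    result["count"] = net.num_addresses
    if ipaddress.IPv4Address(address) != net.network_address:
        result["note"] = f"address has host bits set; network is {net.network_address}"
    return result

# Constructed sample lines, using addresses and masks quoted in the thread.
SAMPLE_RULES = [
    "http 192.168.10.10 255.255.255.254 INSIDE",   # two hosts: .10 and .11
    "ssh 192.168.10.0 255.255.255.0 INSIDE",       # whole /24
    "ssh 192.168.10.1 255.255.255.255 INSIDE",     # single host
    "ssh 192.168.10.0 0.0.0.255 INSIDE",           # wildcard typed out of IOS habit
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", audit_rule(rule))
```

Running it over a saved list of management-access lines shows at a glance how many source addresses each line opens up, which is the thing to review before enabling HTTPS or SSH management on an interface.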

I am assuming this course on the firewall requires physical access to an ASA 5505? I only have Packet Tracer and I think this will not work, will it?

Hi Ruby,

I did most of these examples on an ASA 5510 but a 5505 could also work.

I can recommend giving the virtual ASAv image a try; it works very well.

Rene

Hi Rene

Here the ASDM is accessed using 192.168.1.254 but in the previous chapter I see that you have used 192.168.1.1 as the management IP.
Apologies if these two are not connected.

As always thanks,
Palani

Hi Palani,

I usually try to use the same IP addresses. Sometimes I use 192.168.1.1 or 192.168.1.254 on the ASA.

Rene

Hi Rene,

I happen to have a 5510 they let me take home from work. I'm following along with your instructions and everything seems OK to a point. However, not to my surprise, I am having Java issues, it seems. When I launch the ASDM (asdm-603.bin) I get a message that the Java runtime is not on my PC and it kills the launch. I had older versions on it and they didn't work. I upgraded to the newest Java recommended, jre1.8.0_101, and that's not working. Is there a trick to this?

PS. If I try to run it as a Java Web Start (the other option), I don't have Web Start and don't see where to get it on the Java site. I had a 5510 and this Java crap drove me crazy then too. Ugh…

Sorry, meant to say I had a 5505

Hi Joseph,

ASDM and Java can be an issue.

First of all, ASDM 603 is ancient by now. I would start by upgrading it to the latest version, see what happens then.

Rene

Hi,

I’ve got a Cisco ASA 5510 with the asa917-12-k8.bin image and the asdm-762-150.bin ASDM version on the firewall. I wanted to lab this up physically and not thru GNS. I followed the steps but wasn’t able to get thru. I tried the Chrome and Edge browsers. I am consoled up to the ASA from my PC, but I’m thinking that I need a layer 3 connection. Can you help steer me in the right direction? I went thru the forum and didn’t see my unique issue.

Thanks in advance

Hello Christopher

When you say you weren’t able to “get thru” do you mean that you were unable to connect via a web GUI to the firewall? In order to use the ASDM to configure the ASA, you must have layer 3 access. The console connection will not allow you to work with ASDM. Take a look at this Cisco documentation on how to prep an ASA to function using ASDM 7.6.

I hope this has been helpful!

Laz