Cisco ASA ASDM Configuration

This topic is to discuss the following lesson:

Rene,
Hi. I assume that it is just syntax on the ASA, but does the " http server enable" command enable http and https access or only https access?

Many thanks,
Thomas

Hi Thomas,

It only enables HTTPS.

Rene

1 Like

Hi Rene,

<strong>"username ADMIN password PASSWORD"</strong>

Why " Admin " account does not require privilege 15

Thanks

I’ll change this, it should be a privilege level 15 account.

Hi Rene,

I am pretty new to ASA world,Just wondering This would work to allow only two IPs(10&11) to access HTTPs

Http 192.168.10.10 255.255.255.254 like a wild card mask or will it be just one line for every IP to connect via http

Hi Asi,

This should work but in this case, I think I would prefer two separate lines since it’s easier to read.

Rene

1 Like

Thanks Rene,

I think i will be a pain,through the course, Apologise in advance -Some of might Q might be silly

 

Hi Asi,

That’s no problem, let me know if you have difficulty understanding some of the topics.

Rene

Hi Rene,

My idea was to allow Mgmt Vlan only have access to HTTP and SSH

The moment I type in

configt

ssh 192.168.10.0 255.255.255.0 =>it logs back Inconsitent mask .

But when i apply

config t

ssh 192.168.10.1 255.255.255.255 ->asa like it

My undersatanding on using the subnet mask for defining the condition for various purpose on Access-list (like 0.0.0.255 where o-is have to be same and and 255 -can be any value and in routing protocol router rip network 192.168.10.1 0.0.0.0(Where 0.0.0.0 specify send/reciv hello/advrtz ntwrk from this interface only .

How is it possible to use 255.255.255.255 to indicate A single host IP can only access the ssh or http…

Please advice

Hi Asi,

That is strange as it’s a valid network and subnet mask. You sure you didn’t make any typos? :slight_smile:

ASA(config)# ssh 192.168.1.0 255.255.255.0 INSIDE

This allows the entire 192.168.1.0/24 network to access the ASA on the inside, if you want a single host you can use this:

ASA(config)# ssh 192.168.1.1 255.255.255.255 INSIDE

The difference between the ASA and a Cisco IOS router is that the ASA uses subnet masks everywhere. On the Cisco IOS routers, we use wildcard bits for access-lists and for network statements in EIGRP/OSPF.

Rene

1 Like

i am asssuming this course on the firewall requires physicall access to a asa5505? i only have packet tracer and i think this will not work will it?

Hi Ruby,

I did most of these examples on an ASA 5510 but a 5505 could also work.

I can recommend to give the virtual ASAv image a try, it works very well.

Rene

Hi Rene

Here the ASDM is accessed using 192.168.1.254 but in the previous chapter I see that you have used 192.168.1.1 as the management IP.
Apologies if this two are not connected.

As always thanks,
Palani

Hi Palani,

I usually try to use the same IP addresses. Sometimes I use 192.168.1.1 or 192.168.1.254 on the ASA.

Rene

Hi Rene,

I happen to have a 5510 they let me take home from work. Im following along with your instructions and everything seems ok to a point. However, not to my surprise I am having JAVA issues it seems.When I launch the asdm ( asdm-603.bin) I get message that java runtime is not on my PC and it kills the launch. I had older versions on it and they didnt work. I upgraded to the newest Java recommended jre1.8.0_101 and thats not working. Is there a trick to this?

PS. If I try to run it as a JAVA webstart (the other option) I dont have webstart and dont see where to get it on the Java site. I had a 5510 and this Java crap drove me crazy then too. Ugh…

Sorry, meant to say I had a 5505

Hi Joseph,

ASDM and Java can be an issue.

First of all, ASDM 603 is ancient by now. I would start by upgrading it to the latest version, see what happens then.

Rene

Hi,

I’ve got a cisco asa 5510 with asa917-12-k8.bin image and asdm-762-150.bin asdm version on the firewall. I wanted to lab this up physically and not thru gns. I followed the steps but wasn’t able to get thru. I tried chrome and edge browsers. I am consoled up to the asa from my pc. But I’m thinking that I need a layer 3 connection. Can you help steer me in the right direction. I went thru the forum and didn’t see my unique issue

Thanks in advance

Hello Christopher

When you say you weren’t able to “get thru” do you mean that you were unable to connect via a web GUI to the firewall? In order to use the ASDM to configure the ASA, you must have layer 3 access. The console connection will not allow you to work with ASDM. Take a look at this Cisco documentation on how to prep an ASA to function using ASDM 7.6.

I hope this has been helpful!

Laz