
Setting Up ASDM

Before you can access the ASDM graphical console, you must install the ASDM software image on the local flash of the Cisco ASA. The ASDM console can manage the local Cisco ASA only; thus, if you need to manage multiple Cisco ASAs, the ASDM software must be installed on all of them. However, a single workstation can launch multiple instances of the ASDM client to manage the different Cisco ASAs.

A new Cisco ASA is shipped with ASDM loaded in flash with the following default parameters:

Uploading ASDM

You can use the dir command to determine whether the ASDM software is installed. If the Cisco ASA does not have the ASDM software, your first step is to upload the image from an external file server using one of the supported protocols. Refer to Chapter 4, "Initial Setup and System Maintenance," for a list of supported protocols. Before the transfer, Cisco ASA needs a basic configuration, such as the interface names, security levels, IP addresses, and the proper routes. After setting up this basic information, use the copy command to transfer the image file, as shown in Example 18-1, where an ASDM file named asdm-501.bin is copied from a TFTP server located at 172.18.108.26. Verify the content of the local flash once the file is successfully uploaded.

Example 18-1. Uploading the ASDM Image to the Local Flash

Chicago# copy tftp flash
Address or name of remote host []? 172.18.108.26
Source filename []? asdm-501.bin
Destination filename [asdm-501.bin]? asdm-501.bin
Accessing tftp://172.18.108.26/asdm-501.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Output omitted for brevity.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asdm-501.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Output omitted for brevity.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5876644 bytes copied in 161.420 secs (36500 bytes/sec)
Chicago# dir
Directory of disk0:/
1260 -rw- 5124096 16:47:34 Aug 07 2005 asa701.bin
2511 -rw- 5876644 17:38:14 Aug 07 2005 asdm-501.bin
62881792 bytes total (46723072 bytes free)

 

Setting Up Cisco ASA

When the ASDM file is accessed, the Cisco ASA loads the first ASDM image from the local flash. If there are multiple ASDM images in the flash, use the asdm image command and specify the location of the ASDM image you want to load. This ensures that Cisco ASA always loads the specified image when ASDM is launched. In Example 18-2, Cisco ASA is set up to use asdm-501.bin as the ASDM image file.

Example 18-2. Specifying the ASDM Location

Chicago(config)# asdm image disk0:/asdm-501.bin
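The verification step from Examples 18-1 and 18-2 can be scripted against a saved console transcript. The following Python sketch is an added example, not part of the original text; the transcript is constructed from the two examples with the progress marks trimmed, and check_upload is a hypothetical helper name.

```python
import re

# Constructed transcript modeled on Examples 18-1 and 18-2 (progress marks trimmed).
TRANSCRIPT = """\
Chicago# copy tftp flash
Address or name of remote host []? 172.18.108.26
Source filename []? asdm-501.bin
Destination filename [asdm-501.bin]? asdm-501.bin
5876644 bytes copied in 161.420 secs (36500 bytes/sec)
Chicago# dir
Directory of disk0:/
1260 -rw- 5124096 16:47:34 Aug 07 2005 asa701.bin
2511 -rw- 5876644 17:38:14 Aug 07 2005 asdm-501.bin
62881792 bytes total (46723072 bytes free)
Chicago(config)# asdm image disk0:/asdm-501.bin
"""

# A dir entry: inode, mode, size, time, date, file name.
DIR_ENTRY = re.compile(
    r"^\s*\d+\s+[-drwx]{4}\s+(\d+)\s+\d\d:\d\d:\d\d\s+\w{3}\s+\d\d\s+\d{4}\s+(\S+)\s*$")
COPIED = re.compile(r"^(\d+) bytes copied")
DEST = re.compile(r"^Destination filename \[[^\]]*\]\?\s*(\S+)")
ASDM_IMAGE = re.compile(r"asdm image disk0:/(\S+)")

def check_upload(transcript):
    """Return a list of problems found in the transcript (empty if consistent)."""
    flash, copied, dest, image, problems = {}, None, None, None, []
    for line in transcript.splitlines():
        if m := DIR_ENTRY.match(line):
            flash[m.group(2)] = int(m.group(1))      # file name -> size in flash
        elif m := COPIED.match(line):
            copied = int(m.group(1))                 # bytes reported by copy
        elif m := DEST.match(line):
            dest = m.group(1)
        elif m := ASDM_IMAGE.search(line):
            image = m.group(1)                       # file the asdm image command names
    if dest not in flash:
        problems.append(f"{dest} not listed in flash")
    elif flash[dest] != copied:
        problems.append(f"{dest}: {flash[dest]} bytes in flash, {copied} copied")
    if image is not None and image not in flash:
        problems.append(f"asdm image points at missing file {image}")
    return problems
```

A matching byte count only rules out a truncated transfer; TFTP provides no authentication or integrity protection, so the image should also be compared against a hash obtained from a trusted source.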

The Cisco ASA uses the Secure Sockets Layer (SSL) protocol to communicate with the client. Consequently, the Cisco ASA acts as a web server to process the requests from the clients. You can enable the web server on Cisco ASA by using the http server enable command.

The Cisco ASA discards incoming requests unless the client's IP address is in a network that is trusted to access the HTTP engine. In Example 18-3, the administrator is enabling the HTTP engine and is setting up Cisco ASA to trust the 172.18.124.0/24 network connected toward the mgmt interface.

Example 18-3. Enabling the HTTP Server

Chicago(config)# http server enable
Chicago(config)# http 172.18.124.0 255.255.255.0 mgmt
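Because the http statements decide who can reach the management web server, they are worth auditing whenever a configuration is reviewed. The following Python sketch is an added example, not part of the original text; audit_http is a hypothetical helper, its mgmt_ifs and min_prefix defaults are assumed local policy, and the third configuration line is constructed to show an over-broad rule being flagged.

```python
import ipaddress
import re

# Constructed config: the first two lines are Example 18-3, the third is an
# invented over-broad rule added to give the audit something to flag.
CONFIG = """\
http server enable
http 172.18.124.0 255.255.255.0 mgmt
http 0.0.0.0 0.0.0.0 outside
"""

# http <network> <mask> <interface>
HTTP_RULE = re.compile(r"^http (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")

def audit_http(config, mgmt_ifs=("mgmt",), min_prefix=24):
    """Return (interface, network, reason) findings. mgmt_ifs and min_prefix
    are local policy assumptions, not ASA defaults."""
    enabled, rules, findings = False, [], []
    for line in (l.strip() for l in config.splitlines()):
        if line == "http server enable":
            enabled = True
        elif m := HTTP_RULE.match(line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            rules.append((m.group(3), net))
    if not enabled:
        return findings  # HTTP engine is off, so the trust rules are inert
    if not rules:
        # Enabled with no trusted network: every request is discarded.
        findings.append((None, None, "server enabled but no trusted network"))
    for ifname, net in rules:
        if net.prefixlen < min_prefix:
            findings.append((ifname, str(net), "trusted network too broad"))
        if ifname not in mgmt_ifs:
            findings.append((ifname, str(net), "not a management interface"))
    return findings
```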

Note

The WebVPN implementation on Cisco ASA also requires that you run the HTTP server on Cisco ASA. However, you cannot run ASDM and WebVPN on the same interface.

 

Accessing ASDM

The GUI of ASDM can be accessed from any workstation whose IP address is in the trusted network defined on the Cisco ASA. Before you establish the secure connection to Cisco ASA, verify that IP connectivity exists between the workstation and the Cisco ASA.

To establish an SSL connection, launch a browser and point the URL to the IP address of Cisco ASA. In Figure 18-1, the administrator is accessing ASDM by typing in https://172.18.124.205/admin/index.html as the URL.

Figure 18-1. Accessing the ASDM URL

Note

ASDM requires Java plug-in 1.4(2) or 1.5.0 installed on the web browser.

The Cisco ASA presents a self-signed certificate to the workstation so that a secure connection can be established. If the certificate is accepted, the Cisco ASA prompts the user to present authentication credentials. If the ASDM authentication is not set up, there is no default username. The default password is cisco, which is actually the telnet or exec password of the Cisco ASA.

After a successful user authentication, Cisco ASA presents two ways to launch ASDM:

Note

ASDM as an application feature is currently supported on Windows-based operating systems.

ASDM can be started either from the desktop shortcut, Quick Launch, or via Start > Program Files > Cisco ASDM Launcher > Cisco ASDM Launcher, depending on the user selection. After the software installation, the ASDM launcher is automatically started.

When the ASDM stub application is launched, it prompts for the IP address of the Cisco ASA you are trying to connect to and for the user authentication credentials. Figure 18-2 illustrates this, where an SSL connection is being made to a Cisco ASA located at 172.18.124.205. Specify the username and password to log into ASDM.

Figure 18-2. Launching ASDM

Note

Chapters 18, 19, 20, and 21 use ASDM as an application to guide you through the configuration and monitoring features of the Cisco ASA.

Tip

The ASDM application saves the previously connected IP addresses and username information in a file called deviceInfo.cfg. It is located under user_home_directory.asdmdata. It is highly recommended that you do not manually edit this file. It can be deleted if the IP addresses and the usernames need to be cleared.
