The Cisco 5500 Series Adaptive Security Appliances are of course excellent firewalls, but the ASA also offers (depending on the model) other security services, such as IPS, VPN, content security, unified communications and remote access. These ASAs can be used as standalone appliances that cover needs ranging from branch offices to enterprise data centers. They can also be included as high-performance blades that work together with the Cisco Catalyst 6500 Series, and more recently they can run as a virtual instance that provides tenant isolation for public and private clouds! For now let’s focus on the basics of the ASA, like the ASDM.
The ASDM is a pretty good GUI tool that makes maintaining and configuring the ASA simpler than doing everything CLI commando style. In this example I have an ASA 5505 with the default configuration (I did a “write erase” to clear the IP addressing and DHCP settings). When the device reloaded I decided to use the ASA’s pre-configure wizard, which really just makes the ASA usable by giving the inside interface an IP address along with the correct time and the “enable password”. Here are the current settings:
    The following configuration will be used:
    Enable password: cisco
    Allow password recovery: yes
    Clock (UTC): 11:04:11 Jun 23 2012
    Firewall Mode: Routed
    Inside IP address: 192.168.5.1
    Inside network mask: 255.255.255.0
    Host name: ASA
    Domain name: ciscoskills.net
    IP address of host running Device Manager: 192.168.5.10
    Use this configuration and write to flash? yes
    INFO: Security level for "inside" set to 100 by default.
    WARNING: http server is not yet enabled to allow ASDM access.
    Cryptochecksum: a2692f1b 31b2d847 6abf71e4 b9c1bcfb
    1641 bytes copied in 1.730 secs (1641 bytes/sec)
    Type help or '?' for a list of available commands.
    ASA>en
    ASA#config t
    ASA(config)#http server enable
Notice that to use the ASDM you must put in one more command, “http server enable”, for the ASA to listen on port 443. From there open up your browser and type the IP address of the ASA, which in this example is “192.168.5.1”. You can either run the ASDM from the ASA or install it on your system for a faster experience. It’s your choice, but running the ASDM from the ASA does use additional memory and CPU on the device.
For this example I installed the ASDM on my system. By default the username is blank and the password is “cisco”, which is what I configured in the beginning.
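The ASA only accepts ASDM connections from addresses listed in `http <ip> <mask> <interface>` lines, and without `aaa authentication http console` the login is the blank username plus the enable password described above. The following check is an added example, not part of the original post: it reads a saved configuration and flags both conditions. The sample configuration is constructed from the wizard values above plus one deliberately broad permit line, and the function name `audit_asdm_access` and the `max_hosts` threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: wizard values from this post in running-config form,
# plus one deliberately broad "http" permit line for the check to catch.
SAMPLE_CONFIG = """\
hostname ASA
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
http server enable
http 192.168.5.10 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
"""

# Matches "http <network> <mask> <interface>" permit lines.
HTTP_PERMIT = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_asdm_access(config, max_hosts=1):
    """Return a list of findings about ASDM (HTTPS) management exposure."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if not any(ln.startswith("http server enable") for ln in lines):
        return findings  # ASDM listener is off, nothing to audit
    permits = []
    for ln in lines:
        m = HTTP_PERMIT.match(ln)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permits.append((net, m.group(3)))
    if not permits:
        findings.append("http server enabled but no 'http <ip> <mask> <if>' permit line")
    for net, ifname in permits:
        # Anything wider than max_hosts addresses is treated as too broad.
        if net.num_addresses > max_hosts:
            findings.append(f"broad ASDM permit: {net} on {ifname}")
    if not any(ln.startswith("aaa authentication http console") for ln in lines):
        findings.append("no 'aaa authentication http console': "
                        "ASDM login is blank username + enable password")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

On the sample it reports the `0.0.0.0 0.0.0.0` permit and the missing `aaa authentication http console` line; the single-host permit for 192.168.5.10 passes.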
From there the ASDM opens up. The home page displays some device information like the hostname, ASA version and ASDM version, the runtime, total RAM and flash. It also gives you some traffic stats along with CPU and memory. From there, to configure the device you would click the configuration button and configure away!
You have to have some hands-on experience with this product to really understand it and get the overall feeling of where things are in the ASDM. Cisco does offer some ASDM demos that can be found by searching the internet, and you can download them directly from Cisco; however, you must have a Cisco ID to use them. If you download this link it will install the latest (May 2012) ASDM demo settings so you can at least get a feeling of the ASDM.
I hope this information is helpful, and if you have any questions or comments be sure to post them below. Also check back often; I’ll see if I can post some additional content about the ASA, like upgrading the ASA IOS version with the ASDM. 🙂