Setting Up ASDM

Initial Setup

If the user authentication is successful, ASDM checks the current version of the stub application and downloads a new copy if necessary. It loads the current configuration from the security Cisco ASA and displays it in the GUI, as shown in Figure 18-3.

Figure 18-3. Initial ASDM Screen

Tip

ASDM logs the debug and error messages into a file to troubleshoot the application-related issues. The name of the file is asdm-log-[timestamp].txt and it is located at user_home_directory.asdmlog.

ASDM divides the initial screen, also known as the Home screen, into the following five sections:

  • Device Information Displays the hardware and software information of the security Cisco ASA, such as the current version of operating system and the device type. If the License tab is selected, ASDM shows the features that are enabled on the security Cisco ASA.
  • System Resources Status Provides the current status of CPU and memory usage on Cisco ASA.
  • Interface Status Displays the interface name and the assigned IP address. It also shows the link information of the currently configured interfaces and the rate of traffic passing through them.
  • Traffic Status Provides information about the number of active TCP and UDP connections and the traffic rate passing through the outside interface.
  • Latest ASDM Syslog Messages Shows the latest ASDM syslog messages that are generated by the security Cisco ASA. Syslogging is disabled by default and needs to be enabled for log monitoring. When enabled, the security Cisco ASA sends the messages to the ASDM client. This is discussed later in the chapter, in the section "System Logging."

The statistics on the Home screen are refreshed every 10 seconds and show the information for the last 5 minutes.

Startup Wizard

The ASDM application has seven menus on the toolbars to configure certain parameters. One of the menus is called Wizards, which contains two options, VPN Wizard and Startup Wizard. To launch the Startup Wizard, choose Wizards > Startup Wizard, as shown in Figure 18-4.

Figure 18-4. Launching the Startup Wizard

The Startup Wizard can also be launched by choosing Configuration > Wizards > Startup.

The next screen on the wizard prompts you to specify whether you want the wizard to continue with the existing device configuration or to reset the running configuration to its factory default values. Resetting the security Cisco ASA into default configuration is helpful if you do not want to keep the existing configuration. This option is feasible if the security Cisco ASA is deployed in a lab environment with no production traffic traversing through it. In Figure 18-5, the administrator has selected the option to modify the existing configuration.

Figure 18-5. Starting Point of the Configuration

Note

Chapter 4 talks about the default configuration.

The Basic Configuration screen allows you to modify the host name and domain name of the security Cisco ASA. ASDM also enables you to modify the enable password by specifying the current enable password and then entering the new enable password, as illustrated in Figure 18-6. By default, there is no enable password configured on the security Cisco ASA.

Figure 18-6. Basic Configuration

You can modify the outside interface attributes, such as the interface name and the IP address, on the next screen. If the outside interface is being assigned an IP address from the DHCP server, select the Use DHCP option. In Figure 18-7, the outside interface has a static IP address of 209.165.200.225/27 and a default gateway of 209.165.200.226.

Figure 18-7. Outside Interface Configuration

You can select the remaining interfaces and edit attributes such as the interface name, security level, and IP address/subnet mask.

Note

You might lose your connection to the security Cisco ASA if you modify the interface parameters that ASDM is connected to.

The wizard allows you to enable a DHCP server on the inside interface. The security Cisco ASA can assign DHCP attributes such as IP addresses from a pool, the DNS and WINS server addresses, the default gateway address, the domain name, and the lease expiration time.

As illustrated in Figure 18-8, a pool of addresses in the range of 192.168.10.10 to 192.168.10.199 is set up with DNS and WINS addresses of 192.168.10.200 and 192.168.10.201. The default domain name is securemeinc.com and the IP address lease expires in 3600 seconds. Click Next to proceed.

Figure 18-8. DHCP Server

If address translation needs to be set up on Cisco ASA, the Startup Wizard presents three options:

  • The first option creates a pool of addresses for dynamic NAT.
  • The second option configures dynamic PAT.
  • The third option bypasses address translation.

In Figure 18-9, ASDM is being set up to dynamically translate the inside hosts to the outside interface's IP address using PAT.

Figure 18-9. Address Translation

The last configuration step in the Startup Wizard allows you to set up administrative access to Cisco ASA. As discussed in Chapter 4, the security Cisco ASA supports Telnet and SSH as the CLI-based remote management protocols, and supports ASDM as a GUI-based application. You can specify the allowed IP addresses on each of the interfaces for each of the management protocols. In Figure 18-10, the 192.168.10.0/24 network is allowed to establish SSH connections to Cisco ASA from the inside interface, while the 172.18.124.0/24 subnet is allowed to establish SSH and HTTPS connections from the mgmt interface.

Figure 18-10. Administrative Access

Caution

If the HTTP server is disabled, ASDM will stop communicating with Cisco ASA.

ASDM prompts you to either send the updated configuration or go back to modify the parameters. Click Finish to send the configuration to Cisco ASA.

If the "Preview command before sending to the device" option is enabled on ASDM under Tools > Preferences, the entire startup configuration is displayed before it is sent to the security Cisco ASA, as shown in Example 18-4.

Example 18-4. Initial Configuration Generated by ASDM

!DHCP server configuration

dhcpd address 192.168.10.10-192.168.10.199 inside

dhcpd enable inside

dhcpd dns 192.168.10.200 192.168.10.201

dhcpd wins 192.168.10.201 192.168.10.200

dhcpd domain securemeinc.com

!PAT configuration

global (outside) 10 interface

nat (inside) 10 0.0.0.0 0.0.0.0

!SSH configuration

ssh 172.18.124.0 255.255.255.0 mgmt

ssh 192.168.10.0 255.255.255.0 inside

!Changing the enable password

enable password cisco123






Cisco Asa(c) All-in-one Firewall, IPS, And VPN Adaptive Security Appliance
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
ISBN: 1587052091
EAN: 2147483647
Year: 2006
Pages: 231
Simiral book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net