If the user authentication is successful, ASDM checks the current version of the stub application and downloads a new copy if necessary. It loads the current configuration from the Cisco ASA and displays it in the GUI, as shown in Figure 18-3.
Figure 18-3. Initial ASDM Screen
ASDM logs debug and error messages to a file to help troubleshoot application-related issues. The file is named asdm-log-[timestamp].txt and is located in user_home_directory\.asdm\log.
ASDM divides the initial screen, also known as the Home screen, into the following five sections:
The statistics on the Home screen are refreshed every 10 seconds and show the information for the last 5 minutes.
The ASDM application has seven menus on the toolbars to configure certain parameters. One of the menus is called Wizards, which contains two options, VPN Wizard and Startup Wizard. To launch the Startup Wizard, choose Wizards > Startup Wizard, as shown in Figure 18-4.
Figure 18-4. Launching the Startup Wizard
The Startup Wizard can also be launched by choosing Configuration > Wizards > Startup.
The next screen of the wizard prompts you to specify whether you want the wizard to continue with the existing device configuration or to reset the running configuration to its factory default values. Resetting the Cisco ASA to its default configuration is helpful if you do not want to keep the existing configuration. This option is feasible if the Cisco ASA is deployed in a lab environment with no production traffic traversing it. In Figure 18-5, the administrator has selected the option to modify the existing configuration.
Figure 18-5. Starting Point of the Configuration
Chapter 4 talks about the default configuration.
The Basic Configuration screen allows you to modify the host name and domain name of the Cisco ASA. ASDM also enables you to modify the enable password by specifying the current enable password and then entering the new enable password, as illustrated in Figure 18-6. By default, there is no enable password configured on the Cisco ASA.
Figure 18-6. Basic Configuration
You can modify the outside interface attributes, such as the interface name and the IP address, on the next screen. If the outside interface is being assigned an IP address from the DHCP server, select the Use DHCP option. In Figure 18-7, the outside interface has a static IP address of 22.214.171.124/27 and a default gateway of 126.96.36.199.
Figure 18-7. Outside Interface Configuration
You can select the remaining interfaces and edit attributes such as the interface name, security level, and IP address/subnet mask.
You might lose your connection to the Cisco ASA if you modify the parameters of the interface that ASDM is connected to.
The wizard allows you to enable a DHCP server on the inside interface. The Cisco ASA can assign DHCP attributes such as IP addresses from a pool, the DNS and WINS server addresses, the default gateway address, the domain name, and the lease expiration time.
As illustrated in Figure 18-8, a pool of addresses in the range of 192.168.10.10 to 192.168.10.199 is set up with DNS and WINS addresses of 192.168.10.200 and 192.168.10.201. The default domain name is securemeinc.com and the IP address lease expires in 3600 seconds. Click Next to proceed.
Figure 18-8. DHCP Server
If address translation needs to be set up on Cisco ASA, the Startup Wizard presents three options:
In Figure 18-9, ASDM is being set up to dynamically translate the inside hosts to the outside interface's IP address using PAT.
Figure 18-9. Address Translation
The last configuration step in the Startup Wizard allows you to set up administrative access to Cisco ASA. As discussed in Chapter 4, Cisco ASA supports Telnet and SSH as the CLI-based remote management protocols, and supports ASDM as a GUI-based application. You can specify the allowed IP addresses on each of the interfaces for each of the management protocols. In Figure 18-10, the 192.168.10.0/24 network is allowed to establish SSH connections to Cisco ASA from the inside interface, while the 172.18.124.0/24 subnet is allowed to establish SSH and HTTPS connections from the mgmt interface.
Figure 18-10. Administrative Access
If the HTTP server is disabled, ASDM will stop communicating with Cisco ASA.
ASDM prompts you to either send the updated configuration or go back to modify the parameters. Click Finish to send the configuration to Cisco ASA.
If the "Preview command before sending to the device" option is enabled on ASDM under Tools > Preferences, the entire startup configuration is displayed before it is sent to the Cisco ASA, as shown in Example 18-4.
Example 18-4. Initial Configuration Generated by ASDM
!DHCP server configuration
dhcpd address 192.168.10.10-192.168.10.199 inside
dhcpd enable inside
dhcpd dns 192.168.10.200 192.168.10.201
dhcpd wins 192.168.10.201 192.168.10.200
dhcpd domain securemeinc.com
!PAT configuration
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0
!SSH configuration
ssh 172.18.124.0 255.255.255.0 mgmt
ssh 192.168.10.0 255.255.255.0 inside
!Changing the enable password
enable password cisco123
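The command preview is a convenient point to review the management-access statements before they reach the device. The following Python sketch is an added example, not code from the book or from Cisco: it scans previewed configuration text for ssh, telnet and http access rules and flags cleartext protocols, untrusted interfaces and overly broad source ranges. The function name audit_mgmt_access, the trusted-interface set and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the SSH lines from Example 18-4 plus two
# deliberately risky lines added here for illustration.
SAMPLE = """\
ssh 172.18.124.0 255.255.255.0 mgmt
ssh 192.168.10.0 255.255.255.0 inside
telnet 192.168.10.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
enable password cisco123
"""

# Assumption: interfaces treated as trusted for management in this example.
TRUSTED_IFACES = {"inside", "mgmt"}
RULE = re.compile(
    r"^(ssh|telnet|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

def audit_mgmt_access(config_text, max_hosts=256):
    """Return (line, finding) tuples for risky management-access rules."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # not a management-access statement
        proto, addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable address or mask"))
            continue
        if proto == "telnet":
            findings.append((line, "cleartext protocol; prefer ssh"))
        if iface not in TRUSTED_IFACES:
            findings.append(
                (line, f"management allowed on untrusted interface {iface}"))
        if net.num_addresses > max_hosts:
            findings.append((line, f"source range too broad (/{net.prefixlen})"))
    return findings

if __name__ == "__main__":
    for line, finding in audit_mgmt_access(SAMPLE):
        print(f"{finding}: {line}")
```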