You'll need an initial configuration to make ASDM work using the following steps:
Step 1: Copy an ASDM image file into ASA flash memory.
Use TFTP to copy an ASDM image file from your PC to the ASA's flash memory. You can verify that the ASDM image was copied by using the dir disk0:/ command to display the flash file system contents.
ciscoasa# dir disk0:/
Directory of disk0:/
136 -rwx 27260928 13:53:20 Nov 24 2012 asa901-k8.bin
137 -rwx 4181246 07:32:20 Jun 05 2010 securedesktop-asa-3.2.1.103-k9.pkg
138 -rwx 398305 07:32:38 Jun 05 2010 sslclient-win-1.1.0.154.pkg
139 -rwx 17449432 13:23:38 Nov 24 2012 asdm-701.bin
140 -rwx 14240396 15:53:48 Mar 11 2010 asdm-631.bin
17 drwx 4096 07:36:28 Jun 05 2010 crypto_archive
10 drwx 4096 22:12:48 Dec 04 2010 log
107 -rwx 1530 03:37:59 May 16 2013 7_2_4_0_startup_cfg.sav
18 drwx 4096 22:13:20 Dec 04 2010 coredumpinfo
142 -rwx 4096 03:00:06 Apr 14 2013 ._asa901-k8.bin
143 -rwx 4096 03:00:10 Apr 14 2013 ._asdm-701.bin
144 drwx 4096 12:01:08 Apr 14 2013 .fseventsd
145 -rwx 4096 23:38:12 Dec 04 2010 ._.Trashes
146 drwx 4096 23:38:12 Dec 04 2010 .Trashes
147 drwx 4096 23:38:14 Dec 04 2010 .Spotlight-V100
148 -rwx 15943680 15:51:14 Mar 11 2010 asa831-k8.bin
149 -rwx 28119320 13:23:52 Nov 24 2012 asdm-demo-701.msi
150 -rwx 4096 03:00:16 Apr 14 2013 ._asdm-demo-701.msi
127111168 bytes total (17145856 bytes free)
Step 2: Specify the ASDM image file to use.
Use the asdm image command to specify which ASDM image file to use. The IOS and ASDM images must be compatible before ASDM can be used.
You can use the show asdm image command to display the file location and name.
ciscoasa# show asdm ?
history Show contents of Device Manager history buffer
image Show current Device Manager image file
log_sessions Show current Device Manager logging sessions
sessions Show current Device Manager sessions
ciscoasa# show asdm image
Device Manager image file not set
ciscoasa# configure terminal
ciscoasa(config)# asdm ?
configure mode commands/options:
group Associate object group names with interfaces. Warning: This option
is designed for use solely by ASDM. Do not manually configure this
option.
history Enable/Disable Device Manager data sampling
image Specify Device Manager image file path
location Associate an external network object with an interface. Warning:
This option is designed for use solely by ASDM. Do not manually
configure this option.
exec mode commands/options:
disconnect Specify ASDM session id to be disconnected after this keyword
ciscoasa(config)# asdm image ?
configure mode commands/options:
disk0: Device Manager image file path
flash: Device Manager image file path
ciscoasa(config)# asdm image disk0:/asdm-701.bin
ciscoasa(config)# show asdm image
Device Manager image file, disk0:/asdm-701.bin
Step 3: Enable the HTTP server process.
Both HTTP and HTTPS are supported, although ASDM uses only HTTPS.
ciscoasa(config)# http ?
configure mode commands/options:
Hostname or A.B.C.D The IP address of the host and/or network
authorized to access the HTTP server
X:X:X:X::X/<0-128> IPv6 address/prefix authorized to access the HTTP
server
authentication-certificate Request a certificate from the HTTPS client when
a management connection is being established
redirect Redirect HTTP connections to the security gateway
to use HTTPS
server Enable the http server required to run Device
Manager
ciscoasa(config)# http server ?
configure mode commands/options:
enable Enable the http server required to run Device Manager
idle-timeout Idle timeout in minutes (single routed mode only)
session-timeout Session timeout in minutes (single routed mode only)
ciscoasa(config)# http server enable
Step 4: Specify the IP addresses to allow access the ASDM.
In the example, we permit clients on the 192.168.1.0/24 subnet on the "inside" interface.
ciscoasa(config)# http 192.168.1.0 ?
configure mode commands/options:
A.B.C.D The IP netmask to apply to the IP address
ciscoasa(config)# http 192.168.1.0 255.255.255.0 ?
Current available interface(s):
inside Name of interface Vlan1
outside Name of interface Vlan2
ciscoasa(config)# http 192.168.1.0 255.255.255.0 inside
Hi John,
ReplyDeleteMay i know how you simulated ASA in gns3? How to get the free license too? Many thanks.
I use ASAv. You don't need to license the ASAv and it has "limited" features which you just need for a lab.
Deletehttps://ccnpsecuritywannabe.blogspot.com/2018/04/asav-in-gns3-20.html