Saturday, May 28, 2016

Cisco ASA CLI Analyzer

There's another free tool called Cisco ASA CLI Analyzer, which makes firewall troubleshooting a lot easier. It was originally meant for the ASA, but Cisco later added support for running System Diagnostics on IOS, IOS-XE and IOS-XR. It's like a light version of ASDM and complements it, since there is always some kind of Java problem running ASDM. Go to this link to download the tool (CCO login required); the user guide is found on this link. The installation is quite easy to follow.

You'll first need to add the ASA device: click the Connect or New Session tab > type the ASA IP/hostname > click Next. Make sure the PC running the CLI Analyzer is allowed to SSH/Telnet to the ASA; for SSH, the ASA-side command is:

ssh <PC IP> <SUBNET MASK> <INTERFACE>
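As an added example that is not part of the original post, here is an ASA configuration that satisfies that prerequisite while keeping management access narrow: only the analyst workstation (constructed address 192.0.2.10) may SSH in, only on the interface named management (an assumed name), and only with SSH version 2.

```cisco
! Added example, not from the original post. Addresses, the interface
! name and the account name are constructed for illustration.
!
! Local admin account the CLI Analyzer logs in with (placeholder password)
username asa-admin password <PLACEHOLDER> privilege 15
aaa authentication ssh console LOCAL
!
! Host key for the SSH server (only needed if none exists yet)
crypto key generate rsa modulus 2048
!
! The "ssh <PC IP> <SUBNET MASK> <INTERFACE>" line from the post, with a
! /32 mask so that only the single workstation running CLI Analyzer is
! allowed, and only on the management interface
ssh 192.0.2.10 255.255.255.255 management
!
! Require SSH version 2 and drop idle sessions after 10 minutes
ssh version 2
ssh timeout 10
```

Telnet is left disabled on purpose; the CLI Analyzer works over SSH, so there is no reason to allow clear-text management access.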

After login, it runs a short script to get the ASA version. The device is also automatically added to the dashboard on the Devices tab.

Click Tools, then click the green “play” button to run the Firewall Top Talkers.
The next tool is the Packet Tracer (similar to the one in ASDM). Click the “gear” button, select the protocol (TCP, UDP or ICMP) and the ingress or egress interface, and type the IP addresses or ports to be simulated by the ASA. Click the green “play” button to run the simulated traffic.
 
The third tool is System Diagnostics, which shows you the configuration lines that deviate from “best practice” and need to be changed.

The last tool is Traceback Analyzer, which shows you the ASA vulnerability (if any) and the patch to be applied.