
Cisco Adaptive Security Device Manager (ASDM)

Lesson 2

2008 Cisco Systems, Inc. All rights reserved.

1 Day ASA Workshop

ASDM Overview and Operating Requirements


What Is ASDM?

Internet SSL Secure Tunnel

ASDM is a browser-based configuration tool designed to help configure and monitor your security appliance.


ASDM Features
Runs on a variety of platforms
Implemented in Java to provide robust, real-time monitoring
Works with SSL to ensure secure communication with the PIX security appliance
Comes preloaded in flash memory on new Cisco ASA and Cisco PIX security appliances running Versions 7.2 and later
ASDM sessions
  5 ASDM sessions per unit (single mode) or context (multiple mode)
  32 sessions per unit in multiple mode
Operates on PIX 515E, 525, and 535* Security Appliances
Operates on Cisco ASA 5505, 5510, 5520, 5540, and 5550 Security Appliances

* ASDM Version 5.2 is not supported on the PIX 501 or 506 Security Appliance.

ASDM Security Appliance Requirements


A security appliance must meet the following requirements to run ASDM:
Activation key that enables DES or 3DES
Supported Java plug-in
Security appliance software version compatible with the ASDM software version you plan to use*
Hardware model compatible with the ASDM software version you plan to use

* ASDM Version 5.2 requires Security Appliance Software Version 7.2.


ASDM Browser Requirements


To access ASDM from a browser, the following requirements must be met:
JavaScript and Java must be enabled on the computer where the browser resides.
SSL must be enabled in the browser.

Popup blockers may prevent ASDM from starting.


Supported Platforms

Windows
Sun Solaris
Linux


Running ASDM

Run ASDM as a:

Local application
Java applet

Launch Startup Wizard



Preparing for ASDM


Configure the Security Appliance to Use ASDM


Before you can use ASDM, you need to enter the following information on the security appliance via a console terminal:
Time
Inside IP address
Inside network mask
Host name
Domain name
Enable the HTTP server on the security appliance
IP addresses of hosts authorized to access HTTP server
If more than one ASDM image is stored in the flash memory of your security appliance, also specify the ASDM image to be used.

Setup Dialog
Pre-configure Firewall now through interactive prompts [yes]? <Enter>
Firewall Mode [Routed]:
Enable Password [<use current password>]: cisco123
Allow password recovery [yes] ?
Clock (UTC)
  Year [2006]: <Enter>
  Month [Sep]: <Enter>
  Day [2]: <Enter>
  Time [10:21:49]: <Enter>
Inside IP address: 10.0.1.1
Inside network mask: 255.255.255.0
Host name: asa1
Domain name: ciscoasa.com
IP address of host running Device Manager: 10.0.1.11
Use this configuration and write to flash? Y
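
An added example, not from the Cisco course material: a Python check of the two HTTP-server items in the list above (server enabled, authorized hosts) against a saved configuration. It assumes the ASA CLI line forms `http server enable` and `http <address> <mask> <interface>`; the sample configuration is constructed, and the function name, the `inside`-only interface rule and the single-address limit are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: ASDM-related lines as they could appear in the
# running configuration after the setup dialog above (not device output).
SAMPLE_CONFIG = """\
hostname asa1
domain-name ciscoasa.com
http server enable
http 10.0.1.11 255.255.255.255 inside
"""

HTTP_ALLOW = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
HTTP_ENABLE = re.compile(r"^http server enable( \d+)?$")


def audit_asdm_access(config, mgmt_interfaces=("inside",), max_addresses=1):
    """Return findings; mgmt_interfaces and max_addresses are assumed policy."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    enabled = any(HTTP_ENABLE.match(ln) for ln in lines)
    if not enabled:
        findings.append("HTTP server is not enabled; ASDM cannot connect")
    allowed = 0
    for ln in lines:
        m = HTTP_ALLOW.match(ln)
        if not m:
            continue
        allowed += 1
        addr, mask, ifname = m.groups()
        try:  # strict=False tolerates host bits set in a network entry
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable entry: {ln}")
            continue
        if ifname not in mgmt_interfaces:
            findings.append(f"{net} is authorized on interface '{ifname}'")
        if net.num_addresses > max_addresses:
            findings.append(f"{net} authorizes {net.num_addresses} addresses")
    if enabled and allowed == 0:
        findings.append("HTTP server enabled but no host is authorized")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```
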


Navigating ASDM Configuration Windows


ASDM Home Window


Menu bar
Main toolbar
Device Information
  General
  License
VPN Status

Interface Status

System Resources

Traffic Status

Syslog Messages


ASDM Home Window (Cont.)

License tab


Startup Wizard

Startup Wizard
  Interfaces
  NAT and PAT
  Hostname
  Domain name
  Enable password


VPN Wizard

VPN Wizard
  Site-to-Site
  Remote Access

Note: Use Configuration > VPN to edit VPN connections.



High Availability and Scalability Wizard

High Availability and Scalability Wizard
  Active/Active Failover
  Active/Standby Failover
  VPN Cluster Load Balancing


Configuration Window
Configuration
  Interface
  Security Policy
  NAT
  VPN
  IPS or Trend Micro Content Security
  CSD Manager
  Routing
  Global Objects
  Properties


Interfaces
IP address
Static
DHCP
Same security level


Security Policy

Access Rules
AAA Rules
Filter Rules
Service Policy Rules


NAT
Translation Rules
NAT
Policy NAT
NAT exemption
Maximum connections
Embryonic connections
NAT0


VPN
Edit VPN
  General
  IKE
  IPsec
  IP Address Management
  Load Balancing
  NAC
  WebVPN
  E-Mail Proxy

Note: Use the Remote Access or Site-to-Site VPN Wizard for new VPN connections.

VPN Policy Configuration


Client Firewall
WebVPN
General
IPsec
Client Configuration
NAC
Hardware Client


Cisco Secure Desktop


Windows Location Settings
  VPN Feature Policy
  Keystroke Logger
  Cache Cleaner
  Secure Desktop General
  Secure Desktop Settings
  Secure Desktop Browser
Windows CE
  VPN Feature Policy
Mac and Linux Cache Cleaner
  VPN Feature Policy
  Cache Cleaner


Routing

Static Routes
Dynamic Routing
  OSPF
  RIP
Multicast
  IGMP
  MRoute
  PIM
Proxy ARPs


Global Objects

Network Object Groups
IP Names
Service Groups
Class Maps
Inspect Maps
Regular Expressions
TCP Maps
Time Ranges


Properties
AAA Setup
Anti-Spoofing
ARP
Auto Update
Client Update
Certificates
Device Access
Device Administration
DHCP Services
DNS
High Availability and Scalability Wizard
Failover
Fragment
History Metrics
HTTP/HTTPS
and more

Monitoring Button
Interfaces
VPN
IPS or Trend Micro Content Security
Routing
Properties
Logging


Interface Graphs Panel

The Interface Graphs panel enables you to monitor per-interface statistics, such as bit rates, for each enabled interface on the security appliance.


Packet Tracer
Interface
Source IP
Source port
Destination IP
Destination port
Flow lookup
Route lookup
Access list


Options > Preferences


Options


Tools
Tools
  Command Line Interface
  Packet Tracer
  Ping
  Traceroute
  File Management
  Upgrade Software
  Upload ASDM Assistant Guide
  System Reload
  ASDM Java Console


Navigating ASDM Multimode Windows


Multimode Home Page

System:
  Configuration
  Monitoring
Context:
  Configuration
  Monitoring


System Configuration

System Configuration:
  Interfaces
  Resource Class
  Security Contexts
  High Availability and Scalability Wizard
  Failover
  Properties


System Monitoring


Context Configuration

Context Configuration:
  Interfaces
  Security Policy
  NAT
  IPS or Trend Micro Content Security
  Routing
  Global Objects
  Properties


Context Monitoring

Context Monitoring:
  Interfaces
  IPS or Trend Micro Content Security
  Routing
  Properties
  Logging


Summary


Summary
ASDM is a browser-based tool used to configure your security appliance.
Minimal setup on the security appliance is required to run ASDM.
ASDM contains several tools in addition to the GUI to help you configure your security appliance.

The following ASDM wizards are available to simplify security appliance configuration:
Startup Wizard: Walks you step by step through the initial configuration of the security appliance
VPN Wizard: Walks you step by step through the creation of site-to-site and remote access VPNs
High Availability and Scalability Wizard: Walks you step by step through the configuration of active/active failover, active/standby failover, and VPN cluster load balancing
