Beruflich Dokumente
Kultur Dokumente
Lesson 2
What Is ASDM?
ASDM is a browser-based configuration tool designed to help configure and monitor your security appliance.
ASDM Features
Runs on a variety of platforms
ASDM sessions
5 ASDM sessions per unit (single mode) or context (multiple mode) 32 sessions per unit in multiple mode Operates on PIX 515E, 525, and 535* Security Appliances
Operates on Cisco ASA 5505, 5510, 5520, 5540, and 5550 Security Appliances
* ASDM Version 5.2 is not supported on the PIX 501 or 506 Security Appliance.
2008 Cisco Systems, Inc. All rights reserved. 1 Day ASA Workshop
Supported Platforms
Running ASDM
Run ASDM as a:
Local application
Java applet
Domain name
Enable the HTTP server on the security appliance IP addresses of hosts authorized to access HTTP server If more than one ASDM image is stored in the flash memory of your security
appliance, also specify the ASDM image to be used.
2008 Cisco Systems, Inc. All rights reserved. 1 Day ASA Workshop
Setup Dialog
Pre-configure Firewall now through interactive prompts [yes]? <Enter> Firewall Mode [Routed]: Enable Password [<use current password>]: cisco123 Allow password recovery [yes] ? Clock (UTC) Year [2006]: <Enter> Month [Sep]: <Enter> Day [2]: <Enter> Time [10:21:49]: <Enter> Inside IP address: 10.0.1.1 Inside network mask: 255.255.255.0 Host name: asa1 Domain name: ciscoasa.com IP address of host running Device Manager: 10.0.1.11 Use this configuration and write to flash? Y
Interface Status
System Resources
Traffic Status
Syslog Messages
License tab
Startup Wizard
Startup Wizard
Interfaces NAT and PAT Hostname Domain name Enable password
VPN Wizard
VPN Wizard
Site-to-Site Remote Access
Configuration Window
Configuration Interface Security Policy NAT VPN IPS or Trend Micro Content Security CSD Manager Routing Global Objects Properties
Interfaces
IP address Static DHCP Same security level
Security Policy
NAT
Translation Rules NAT Policy NAT NAT exemption Maximum connections Embryonic connections NAT0
VPN
Edit VPN
General
IKE
IPsec IP Address Management Load Balancing NAC WebVPN E-Mail Proxy
Note: Use the Remote Access or Site-to-Site VPN Wizard for new VPN connections.
2008 Cisco Systems, Inc. All rights reserved. 1 Day ASA Workshop
Routing
Static Routes Dynamic Routing OSPF RIP Multicast IGMP MRoute PIM Proxy ARPs
Global Objects
Network Object Groups IP Names Service Groups Class Maps Inspect Maps Regular Expressions TCP Maps Time Ranges
Properties
AAA Setup Anti-Spoofing ARP Auto Update Client Update
Certificates
Device Access Device Administration DHCP Services DNS High Availability and Scalability Wizard Failover Fragment History Metrics HTTP/HTTPS and more
2008 Cisco Systems, Inc. All rights reserved. 1 Day ASA Workshop
Monitoring Button
Interfaces VPN IPS or Trend Micro Content Security Routing Properties Logging
The Interface Graphs panel enables you to monitor per-interface statistics, such as bit rates, for each enabled interface on the security appliance.
Packet Tracer
Interface
Flow lookup
Route lookup
Access list
Tools
Tools Command Line Interface Packet Tracer Ping Traceroute File Management Ugrade Software Upload ASDM Assistant Guide System Reload ASDM Java Console
System: Configuration
Monitoring
Context: Configuration Monitoring
System Configuration
System Configuration: Interfaces Resource Class Security Contexts High Availability and Scalability Wizard Failover Properties
System Monitoring
Context Configuration
Context Configuration: Interfaces Security Policy NAT IPS or Trend Micro Content Security Routing Global Objects Properties
Context Monitoring
Context Monitoring: Interfaces IPS or Trend Micro Content Security Routing Properties Logging
Summary
Summary
ASDM is a browser-based tool used to configure your security appliance. Minimal setup on the security appliance is required to run ASDM. ASDM contains several tools in addition to the GUI to help you configure your security appliance.
The following ASDM wizards are available to simplify security appliance configuration:
Startup Wizard: Walks you step by step through the initial configuration of the security appliance VPN Wizard: Walks you step by step through the creation of site-tosite and remote access VPNs High Availability and Scalability Wizard: Walks you step by step through the configuration of active/active failover, active/standby failover, and VPN cluster load balancing