×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASDM but not ASDM?

Answered Question
Feb 20th, 2008
User Badges:

Hi people


I have recently checked out the ASDM package and I really like the information that you can see in it, speed / active vpn tunnels etc.


But is there anyway you can have "ASDM" on a already CLI configured ASA without messing it up? I just want the information, not configure the ASA from the ASDM.


I read the docs and they pretty much want a clean install and you have to pick ASDM

or CLI configuration and stick with it, or it gets messy.


I'm currently polling my ASA to a MRTG but I cant see active ipsec/vpn tunnels / specific host data flow.


Sure I could get this through commands in CLI but... well ASDM is nice :D


Thanks



Correct Answer by m.sir about 9 years 6 months ago

Iam using ASDM exactly in this way .. ASDM provide great service for monitoring but I have never used it for configuration.. I want control on my configuration so i trust only CLI (there are also few commands unsupported in ASDM)

You can install and use ASDM for monitoring without doubts - your CLI configuration is unaffected until you do configuration tasks in ASDM

M.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
m.sir Wed, 02/20/2008 - 01:38
User Badges:
  • Gold, 750 points or more

Iam using ASDM exactly in this way .. ASDM provide great service for monitoring but I have never used it for configuration.. I want control on my configuration so i trust only CLI (there are also few commands unsupported in ASDM)

You can install and use ASDM for monitoring without doubts - your CLI configuration is unaffected until you do configuration tasks in ASDM

M.

azore2007 Wed, 02/20/2008 - 01:51
User Badges:

Alright so it doesnt affect the conf if I now decide to install asdm? great gonna try it then


Thanks!

m.sir Wed, 02/20/2008 - 02:35
User Badges:
  • Gold, 750 points or more

Yes dont worry you can go ahead

install ASDM (just copy asdm image to firewall flash)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t8


Than you must enable the ASA/PIX Security Appliance to start its secure web server Enter the command

http server enable


After the ASA/PIX Security Appliance web server is enabled, you must tell the security appliance who can access ASDM and where they are located. To accomplish this, enter the address of your PC and tell the security appliance you are located on the inside interface (let we say you PC is 192.168.1.2) Enter the command

http 192.168.1.2 255.255.255.255 inside


Than you can access to ASDM via https (let we say inside IP of firewall is 192.168.1.1

https://192.168.1.1/


M.

You can also set the ASDM preferences to preview commands before sending them to the device.


On the top menu of the ASDM, click Tools -> Preferences and check Preview commands before sending them to the device. This will show you the exact command-line entries that will be applied when you submit a change through the ASDM.

azore2007 Wed, 02/20/2008 - 05:57
User Badges:

Hey guys, thanks for the answers


-Using ASA5510-


Is it possible to create a virtual interface and put the mananagement interface there?


Or do I really have to "burn" the manamagement port for this?


My internal lan has 192.168.10/24 address


The ASA outside interface has 192.168.10.5


So I create a "dmz" on the outside interface (ethernet 0/0.2) etc and put the management-only and ip adress on it?


Something like this


interface Ethernet0/0

speed 100

duplex full

nameif outside

security-level 0

ip address 192.168.10.5 255.255.255.0

!

interface Ethernet0/0.3

vlan 3

nameif mngmt

security-level 0

ip address 192.168.1.1 255.255.255.0

management-only

!

interface Ethernet0/1

speed 100

duplex full

nameif inside

security-level 100

ip address 192.168.2.1 255.255.255.0



And then add access in the outside ACL and put a static link?


(not getting it to work atm so thats why im asking if its possible at all :) )


Thanks gain

Actions

This Discussion