02-20-2008 01:09 AM - edited 03-11-2019 05:05 AM
Hi people
I have recently checked out the ASDM package and I really like the information that you can see in it, speed / active VPN tunnels etc.
But is there any way you can have "ASDM" on an already CLI-configured ASA without messing it up? I just want the information, not to configure the ASA from the ASDM.
I read the docs and they pretty much want a clean install and you have to pick ASDM or CLI configuration and stick with it, or it gets messy.
I'm currently polling my ASA to an MRTG but I can't see active IPsec/VPN tunnels / specific host data flow.
Sure I could get this through commands in CLI but... well ASDM is nice :D
Thanks
02-20-2008 01:38 AM
I am using ASDM exactly in this way. ASDM provides great service for monitoring but I have never used it for configuration. I want control over my configuration so I trust only CLI (there are also a few commands unsupported in ASDM).
You can install and use ASDM for monitoring without doubts - your CLI configuration is unaffected until you do configuration tasks in ASDM.
M.
02-20-2008 01:51 AM
Alright, so it doesn't affect the conf if I now decide to install ASDM? Great, gonna try it then.
Thanks!
02-20-2008 02:35 AM
Yes, don't worry, you can go ahead and
install ASDM (just copy the ASDM image to the firewall flash)
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml#t8
Then you must enable the ASA/PIX Security Appliance to start its secure web server. Enter the command
http server enable
After the ASA/PIX Security Appliance web server is enabled, you must tell the security appliance who can access ASDM and where they are located. To accomplish this, enter the address of your PC and tell the security appliance you are located on the inside interface (let's say your PC is 192.168.1.2). Enter the command
http 192.168.1.2 255.255.255.255 inside
Then you can access ASDM via https (let's say the inside IP of the firewall is 192.168.1.1)
M.
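The `http <address> <mask> <interface>` lines described above decide who can reach ASDM, so they are worth checking after setup. The following Python script is an added example, not part of the original thread and not a Cisco tool: it reads a saved running-config and lists ASDM access rules that are wider than one host or bound to a low-trust interface. The sample config is constructed, the thresholds `max_hosts` and `min_level` are assumed policy values, and only IPv4 rules are handled.

```python
import ipaddress
import re

# Constructed sample config for the demo (not taken from a real device).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
http server enable
http 192.168.1.2 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
"""

HTTP_RULE = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")

def audit_http_access(config, max_hosts=1, min_level=100):
    """Return [(interface, network, [reasons])] for risky ASDM/HTTPS rules.

    max_hosts and min_level are assumed policy thresholds, not Cisco defaults.
    """
    levels, rules, nameif, enabled = {}, [], None, False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            nameif = None                      # a new interface block starts
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[nameif] = int(line.split()[1])
        elif line.startswith("http server enable"):
            enabled = True
        elif (m := HTTP_RULE.fullmatch(line)):
            rules.append(m.groups())
    findings = []
    # Rules only matter once the web server is enabled.
    for addr, mask, ifname in rules if enabled else []:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        level = levels.get(ifname, 0)          # unknown interface: treat as untrusted
        reasons = []
        if net.num_addresses > max_hosts:
            reasons.append(f"allows {net.num_addresses} addresses")
        if level < min_level:
            reasons.append(f"security-level {level}")
        if reasons:
            findings.append((ifname, str(net), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_http_access(SAMPLE_CONFIG):
        print(finding)
```
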
02-20-2008 04:25 AM
You can also set the ASDM preferences to preview commands before sending them to the device.
On the top menu of the ASDM, click Tools -> Preferences and check Preview commands before sending them to the device. This will show you the exact command-line entries that will be applied when you submit a change through the ASDM.
02-20-2008 05:57 AM
Hey guys, thanks for the answers
-Using ASA5510-
Is it possible to create a virtual interface and put the management interface there?
Or do I really have to "burn" the management port for this?
My internal lan has 192.168.10/24 address
The ASA outside interface has 192.168.10.5
So I create a "dmz" on the outside interface (ethernet 0/0.2) etc. and put the management-only and IP address on it?
Something like this
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 192.168.10.5 255.255.255.0
!
interface Ethernet0/0.3
 vlan 3
 nameif mngmt
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 management-only
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
And then add access in the outside ACL and put a static link?
(not getting it to work atm so that's why I'm asking if it's possible at all :) )
Thanks again