ASDM Location commands

Unanswered Question
Aug 26th, 2008
User Badges:

I am trying to help a friend get ASDM working with his FWSM. The FWSM is running 3.1 and I am using ASDM version 5.2(4)f.

When starting the ASDM software it comes up askinf if you want to add some ASDM Location commands for about 4 networks.

It says if you don't add these commands you can only use ASDM in monitor mode.

The documentation on ASDM Location is not very clear. Any ideas on what this does and if it is safe?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Tue, 08/26/2008 - 13:56
User Badges:
  • Green, 3000 points or more

If I recall asdm location provides the firewall with a topology of hosts or networks in relation to its interfaces.

if you have a host or nework for example without the nameif

asdm localtion the firewall does not relate this information to any of its interfaces, I can think of it is possible that in one event the administrator of the firewall may have configured an access list via cli with IP addresses information and when loading the gui asdm does not have that new information even if it was saved on the firewall. So it is important to know which networks is it that the ASDM is asking for that you know which interface it relates to.

Usually this is done by asdm when creating network or hosts .

if you go to the command line config mode and issue asa(config)#asdm ? with a question mark it will give more subcommand information on keyword location



AndyWaldoz Wed, 08/27/2008 - 00:25
User Badges:


Before running firmware asa722-k8.bin and asdm-522.bin ASDM "asdm location" config lines were created when we created a network object.

After the upgrade to asa722-k8.bin and asdm-522.bin this dissapeared.

We recently upgraded to asa724-k8.bin and asdm-524.bin which brought those config lines back.

So could anyone tell me if "asdm location" is needed, if not can we make sure those lines wont pollute the config file?




This Discussion