Noob Questions

Answered Question
Jan 19th, 2009
User Badges:
  • Bronze, 100 points or more

Alright, so I am a complete newbie to the ASA (I worked with the Pix 515 way back but I admit I have forgotten most everything).


First question - how do I connect to the ADSM? Do I need to load software on my laptop or can I just point a browser and go to it after going through the setup wizard for the ASA?


Thanks.

Correct Answer by Jon Marshall about 8 years 4 months ago

Jim


SSH - yes to the outside

ASDM - yes using https

Telnet - no unless you do it through an IPSEC vpn.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Mark Yeates Mon, 01/19/2009 - 18:53
User Badges:
  • Gold, 750 points or more

Jim,


ASDM can be loaded VIA a web browser by connecting to the ASA, or be installed on your local PC.


If you connect to the ASA:


https://asaipaddress


You are prompted to either load the applet for one time use, or download and install ASDM to your local PC.


HTH,

Mark

jim_berlow Tue, 01/20/2009 - 08:44
User Badges:
  • Bronze, 100 points or more

Thanks Mark. Nice to know that it is simple.


Another question. I am upgrading a 515E (v 6.3) to a ASA 5505. With the amount of configuration done to the 515E, I was thinking the easiest way to upgrade to the 5505 would be to simply copy the configuration over from the one Pix to the ASA. From the research I've done, it sounds like this would work and that the ASA will actually convert some of the old commands with the new syntax (where necessary).


Am I going about this the right way? Or is there another way in which most people would do this upgrade?


Any help is appreciated!


Jim

hunnetvl01 Tue, 01/20/2009 - 08:54
User Badges:

Jim,


As far as I know , not all the configuration can be copy-pasted , but there is a tool on cisco where you can convert the older configuration files to newer ones and still you might have some missing from the new config.


Vlad

jim_berlow Tue, 01/20/2009 - 09:31
User Badges:
  • Bronze, 100 points or more

Thanks, Vlad. I found the conversion tools (PixtoASAsetup.exe and OCC-121.zip) to use.


I hope this will convert enough of it to be useful (I only get one small window to do this upgrade).


Jim

jim_berlow Tue, 01/20/2009 - 10:20
User Badges:
  • Bronze, 100 points or more

Hey -


Just a general question. In the old days, you had to use SSH to access a public interface of a PIX. Is this still the case today or does the ASDM allow you to HTTPS to an outside ip address?


Thanks,

Jim

Mark Yeates Tue, 01/20/2009 - 12:32
User Badges:
  • Gold, 750 points or more

If I remember correctly outside access is disabled by default. You can configure outside access to the firewall (SSH, telnet or ASDM.. etc) from the outside if needed. Generally I will use remote access VPN to access the firewall instead of just accessing the outside interface. You can reference this with the ASA configuration guide for more info.


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042016


HTH,

Mark



Edit: Jon is correct with SSH and ASDM from the outside. I guess I didn't remember correctly...

Correct Answer
Jon Marshall Tue, 01/20/2009 - 12:35
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jim


SSH - yes to the outside

ASDM - yes using https

Telnet - no unless you do it through an IPSEC vpn.


Jon

jim_berlow Tue, 01/20/2009 - 12:54
User Badges:
  • Bronze, 100 points or more

Thanks guys - I'm piecing it together.


I'm setting up a site2site vpn and was starting to think about how to access the second remote ASA when there is no tunnel configured yet. Sounds like I'll need to a basic config and ship it out there (making sure I can reach the outside ip before it leaves the office).


Seems funny to need to ask all these basic Q's when I already know how to do the more elaborate stuff like the VPNs, Access Controls, etc.


Thanks for your help!


Jim



Actions

This Discussion