Solved: Noob Questions

jim_berlow · ‎01-19-2009

Alright, so I am a complete newbie to the ASA (I worked with the Pix 515 way back but I admit I have forgotten most everything).

First question - how do I connect to the ADSM? Do I need to load software on my laptop or can I just point a browser and go to it after going through the setup wizard for the ASA?

Thanks.

Jon Marshall · ‎01-20-2009

Jim

SSH - yes to the outside

ASDM - yes using https

Telnet - no unless you do it through an IPSEC vpn.

Jon

View solution in original post

Mark Yeates · ‎01-19-2009

Jim,

ASDM can be loaded VIA a web browser by connecting to the ASA, or be installed on your local PC.

If you connect to the ASA:

https://asaipaddress

You are prompted to either load the applet for one time use, or download and install ASDM to your local PC.

HTH,

Mark

jim_berlow · ‎01-20-2009

Thanks Mark. Nice to know that it is simple.

Another question. I am upgrading a 515E (v 6.3) to a ASA 5505. With the amount of configuration done to the 515E, I was thinking the easiest way to upgrade to the 5505 would be to simply copy the configuration over from the one Pix to the ASA. From the research I've done, it sounds like this would work and that the ASA will actually convert some of the old commands with the new syntax (where necessary).

Am I going about this the right way? Or is there another way in which most people would do this upgrade?

Any help is appreciated!

Jim

hunnetvl01 · ‎01-20-2009

Jim,

As far as I know , not all the configuration can be copy-pasted , but there is a tool on cisco where you can convert the older configuration files to newer ones and still you might have some missing from the new config.

Vlad

jim_berlow · ‎01-20-2009

Thanks, Vlad. I found the conversion tools (PixtoASAsetup.exe and OCC-121.zip) to use.

I hope this will convert enough of it to be useful (I only get one small window to do this upgrade).

Jim

jim_berlow · ‎01-20-2009

Hey -

Just a general question. In the old days, you had to use SSH to access a public interface of a PIX. Is this still the case today or does the ASDM allow you to HTTPS to an outside ip address?

Thanks,

Jim

Mark Yeates · ‎01-20-2009

If I remember correctly outside access is disabled by default. You can configure outside access to the firewall (SSH, telnet or ASDM.. etc) from the outside if needed. Generally I will use remote access VPN to access the firewall instead of just accessing the outside interface. You can reference this with the ASA configuration guide for more info.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042016

HTH,

Mark

Edit: Jon is correct with SSH and ASDM from the outside. I guess I didn't remember correctly...

Jon Marshall · ‎01-20-2009

Jim

SSH - yes to the outside

ASDM - yes using https

Telnet - no unless you do it through an IPSEC vpn.

Jon

jim_berlow · ‎01-20-2009

Thanks guys - I'm piecing it together.

I'm setting up a site2site vpn and was starting to think about how to access the second remote ASA when there is no tunnel configured yet. Sounds like I'll need to a basic config and ship it out there (making sure I can reach the outside ip before it leaves the office).

Seems funny to need to ask all these basic Q's when I already know how to do the more elaborate stuff like the VPNs, Access Controls, etc.

Thanks for your help!

Jim