ASDM first-time install

May 4th, 2009

We recently upgraded our PIX-525 from v6.3.5 to v8.0.4. All went well with the upgrade. We formerly used the PDM for management of the PIX. Now, I see that the ASDM is used.

My question is: How is the ASDM installed for the first time? I have tried searching artlicles, and all I can seem to find is how to upgrade, but not install initially.

I have already performed:

1. Download ASDM.bin image and TFTP to flash on PIX (copy tftp flash)

2. Entered "asdm image flash:/asdm.bin"

3. "http server enable"

4. "asdm history enable"

and then saved and reloaded.

However, I am still unable to access the ASDM. What am I missing? Any advice or links to articles on initial ASDM install would be appreciated.

John Blakley Mon, 05/04/2009 - 09:52

I'm not sure by what you mean you can't access it, but you'll need to give yourself access.

http inside

The address is whatever your host or network you want to allow to use ASDM, and "inside" is the interface you'll be coming in on.



olhcc Mon, 05/04/2009 - 10:04

I have allowed access, but I simply get a "Cannot Connect" error from my browser. I have used nmap to scan the PIX's inside interface, and it does show port 443 open.

One thing I noticed is that no certificate info is shown in the PIX config. Do I need to install a new SSL certificate in order to be able to connect using HTTPS?

Also, I am using the URL Is this correct?

Richard Burts Mon, 05/04/2009 - 11:30


In my experience it is sufficient to just:

I do not believe that you need /asdm

If you just https to the device it should prompt you about ASDM and give you a choice about downloading the GUI.

[edit] while a new SSL certificate may be desirable it is certainly not required for ASDM to work. I have ASDM on several boxes with self signed certificates and they work.



olhcc Mon, 05/04/2009 - 11:51

I'm still not getting anything. How do I create a new cert?

Also, when I TFTP the image, I just used "copy tftp flash." An associate of mine said that on older versions of the PIX, to install the PDM you had to tell it during the TFTP command, something like "copy tftp flash:pdm" Could the ASDM require the same type of command?

John Blakley Mon, 05/04/2009 - 12:46

Well, first, you need to make sure that you have the correct asdm bin file for the version of IOS you're running. You can tell that when you go to download the file. Copying via tftp to flash is fine. You don't have to pass any other parameters.

To generate a key, you can do:

crypt key generate rsa general-keys mod 1024




