06-12-2009 01:07 PM - edited 03-11-2019 08:42 AM
What is it that this exactly does and why does it do it?
This is ver5.0.7 used with an ASA5510 ver7.0. The ASA was pretty much all configured before starting the ASDM. My analyst doesn't think it is of much use but I like it. I need to convince him otherwise and he's leary of me submitting this programming without knowing exactly what it's doing. I think it is just for monitoring the ASA and doesn't negatively impact the cli other than to add these lines of code so that the ASDM can show what the ASA is doing. Your thoughts?
06-12-2009 07:03 PM
Scott
You say that: "he's leary of me submitting this programming without knowing exactly what it's doing." and I say "right on".
You have a good point that the ASDM has a useful function in monitoring what is going on with the ASA. But he has an excellent point that the ASDM is also a powerful tool for making config changes. You seriously underestimate the ASDM when you say: "I think it is just for monitoring the ASA and doesn't negatively impact the cli". If you do not understand what you are doing with ASDM or if you get careless with ASDM you can do SERIOUS damage to the ASA. (note: the same point applies to what you do with CLI: if you do not understand what you are doing or if you get careless with CLI you can do SERIOUS damage to the ASA).
So bottom line: we need to understand very clearly what our tools are capable of doing - and we need to be very careful to not be careless.
HTH
Rick
06-15-2009 05:22 AM
Yes, thank you for chewing my a** for asking the question with out answering it.
I understand that the ASDM is capable of doing (configwise) almost everything the CLI can. Not the question. The question was what do these specific commands, issued by the ASDM upon initial start up of the ASDM, do. To clarify further, these are the actual commands:
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.192 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.0 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.0.0 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 management
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside
asdm group NNNNN-dev-net NNNNN-dev
asdm group AAAAAAAAA-net outside
asdm group MMMM-field outside
asdm group BBBB-farm outside
asdm group PPPPNET outside
asdm group ZZZ-net outside
asdm group NNNN-admin outside
Where xxx.xxx.xxx.xxx = a specific IP; NNNN, MMMM, BBBB, PPPP, and ZZZ = name of group
The IOS lists the following descriptions for the "group" and "location" parameters:
group Associate object group names with interfaces. Warning: This option
is designed for use solely by ASDM. Do not manually configure this
option.
WORD Specify name of an object group
real IP addresses or
name of an object group
addresses of the object group specified by real_group_name,
usage: '[no] asdm group
[no] asdm group
location Associate an external network object with an interface. Warning:
This option is designed for use solely by ASDM. Do not manually
configure this option.
Hostname or A.B.C.D IP address of host or network used internally by the
Device Manager to define the network topology.
Two days of searching cisco.com or other forums have not resulted in anything more specific than this.
So, again I ask, will these commands cause any detrimental impact on the current function of the ASA?
I say no. But I need to prove that. I'm not suggesting issuing any other commands other than those listed.
06-24-2009 04:21 AM
Finally found this in a Command Reference. Still doesn't tell me much. If someone has amplifying data, I'd appreciate it.
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/ab.html#wp1345787
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: