ASDM Update configuration Screen

sestonenppd · ‎06-12-2009

What is it that this exactly does and why does it do it?

This is ver5.0.7 used with an ASA5510 ver7.0. The ASA was pretty much all configured before starting the ASDM. My analyst doesn't think it is of much use but I like it. I need to convince him otherwise and he's leary of me submitting this programming without knowing exactly what it's doing. I think it is just for monitoring the ASA and doesn't negatively impact the cli other than to add these lines of code so that the ASDM can show what the ASA is doing. Your thoughts?

Richard Burts · ‎06-12-2009

Scott

You say that: "he's leary of me submitting this programming without knowing exactly what it's doing." and I say "right on".

You have a good point that the ASDM has a useful function in monitoring what is going on with the ASA. But he has an excellent point that the ASDM is also a powerful tool for making config changes. You seriously underestimate the ASDM when you say: "I think it is just for monitoring the ASA and doesn't negatively impact the cli". If you do not understand what you are doing with ASDM or if you get careless with ASDM you can do SERIOUS damage to the ASA. (note: the same point applies to what you do with CLI: if you do not understand what you are doing or if you get careless with CLI you can do SERIOUS damage to the ASA).

So bottom line: we need to understand very clearly what our tools are capable of doing - and we need to be very careful to not be careless.

HTH

Rick

HTH

Rick

sestonenppd · ‎06-15-2009

Yes, thank you for chewing my a** for asking the question with out answering it.

I understand that the ASDM is capable of doing (configwise) almost everything the CLI can. Not the question. The question was what do these specific commands, issued by the ASDM upon initial start up of the ASDM, do. To clarify further, these are the actual commands:

asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside

asdm location xxx.xxx.xxx.xxx 255.255.255.192 outside

asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside

asdm location xxx.xxx.xxx.xxx 255.255.255.0 outside

asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside

asdm location xxx.xxx.xxx.xxx 255.255.0.0 outside

asdm location xxx.xxx.xxx.xxx 255.255.255.255 management

asdm location xxx.xxx.xxx.xxx 255.255.255.255 outside

asdm group NNNNN-dev-net NNNNN-dev

asdm group AAAAAAAAA-net outside

asdm group MMMM-field outside

asdm group BBBB-farm outside

asdm group PPPPNET outside

asdm group ZZZ-net outside

asdm group NNNN-admin outside

Where xxx.xxx.xxx.xxx = a specific IP; NNNN, MMMM, BBBB, PPPP, and ZZZ = name of group

The IOS lists the following descriptions for the "group" and "location" parameters:

group Associate object group names with interfaces. Warning: This option

is designed for use solely by ASDM. Do not manually configure this

option.

WORD Specify name of an object group that contains

real IP addresses or

name of an object group which contains (NATed) IP

addresses of the object group specified by real_group_name,

usage: '[no] asdm group ',

[no] asdm group reference

location Associate an external network object with an interface. Warning:

This option is designed for use solely by ASDM. Do not manually

configure this option.

Hostname or A.B.C.D IP address of host or network used internally by the

Device Manager to define the network topology.

Two days of searching cisco.com or other forums have not resulted in anything more specific than this.

So, again I ask, will these commands cause any detrimental impact on the current function of the ASA?

I say no. But I need to prove that. I'm not suggesting issuing any other commands other than those listed.

sestonenppd · ‎06-24-2009

Finally found this in a Command Reference. Still doesn't tell me much. If someone has amplifying data, I'd appreciate it.

http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/ab.html#wp1345787