Cisco ASA 5505 peculiarities

Unanswered Question
Feb 19th, 2010

I am just starting out using a Cisco ASA 5505 device, but have to say that I have encountered some peculiarities with the software.

To start, when I try to connect to the device from my Microsoft Windows XP service pack 3 machine via the Cisco ASDM Launcher that it tries to connect and then fails with the typical error message saying to check the configuration or connection.

After playing around with the settings on the GUI I discovered that clearing the internal log buffer would then enable the Launcher to connect to the device without a hitch.  Apparently garbage in the internal log buffer is interfering with connecting?

Next I found that not only me, but other users were having problems using the ASA5505 with a static IP modem.  Initially I thought it was just me, but then did the Google search to discover that about a dozen other people had the same identical problem.  I didn't feel so bad then.  After some reading of other tips and information, after exhausting the Cisco documents dry, I did find one person who said to set the NAT table.

That almost fixed the problem.  Things started working after I opened up the outside interface net mask.  (and strangely enough kept working after I narrowed back down from to

Things were cruising along, until I saw a computer on the other side of my company's gateway try to connect to one in the LAN.  This forced me to create an access rule (or so I thought) and immediately all the local computers lost connectivity with the DNSs and thus with the internet.

Strangely enough, while looking at the log file, I did see that the packets were being dropped due to an access list violation, but which access list??  I didn't create any, so I thought, and chasing down the access lists led to nothing.

Slowly I realized that the Cisco firmware was creating its own internal access control lists, from the rules that I created in the Security rules section of the GUI.  How about letting the poor administrator see those access lists?  I would like to feel that I really can administer the machine, not be a hapless victim of some "user friendly" software.

So I had to play around with the rules for awhile, until I was able to successfully allow access to the local group, but block any connection attempts from the sister LAN (thanks Microsoft for your windows browser protocols and file sharing which causes the computers to connect to every other MS OS computer in the world)

Another nit pick that I had is when I saw the security rules that let the inside interface have access to every other low security interface.  Clicking upon that interface never showed just exactly how this is done.  Did someone forget to put some of the CLI software into the ASDM GUI software?  I strongly suspect that CLI was how all this originally started, but its feature rich command set just didn't quite make it into the GUI software?  Anyone listening?

I do appreciate that Cisco did allow CLI from the GUI.

The start up guide that came with the ASA was only 50% usable, due to the fact that I had to work into a static IP, not DHCP.  I would like to see Cisco add a section in Chapter 5 to address this type of configuration for their first time people.

Finally, I would like to see that irritating internal log buffer flush problem fixed so my ASDM launcher will always connect the first time.

Thanks for bearing with me, I would give the software overall a 80% rating.  More discussion needs to be shown about how the device is really working with the default settings, and I would like to some more administration control of those "automatic" access control lists.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion