Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASDM access for alreday configured ASA5505

                   Hi,

I have already configured ASA 5505 and I need to get ASDM access to back up its current configuration and reload later.

I GOT following results by using commands at putty and ASA connected through console:

dytasa# sh run asdm

no asdm history enable

dytasa# sh run http

http 192.168.1.0 255.255.255.0 inside

dytasa# sh ip

System IP Addresses:

Interface               Name                   IP address     Subnet mask     Method

Vlan1                   inside                 192.168.0.1     255.255.255.0   CONFIG

Vlan2                   guest                 192.168.100.1   255.255.255.0   CONFIG

Vlan3                   outside               162.212.232.174 255.255.255.252 CONFIG

Current IP Addresses:

Interface               Name                   IP address     Subnet mask     Method

Vlan1                   inside                 192.168.0.1     255.255.255.0   CONFIG

Vlan2                   guest                 192.168.100.1   255.255.255.0   CONFIG

Vlan3                   outside               162.212.232.174 255.255.255.252 CONFIG

please suggest me how I can get ASDM access for this ASA.

Thanks,

Sapinder

3 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

ASDM access for alreday configured ASA5505

Hi,

Try issuing the command

http server enable

I dont see it in the above output you posted

Even though you have not specified the ASDM image to be used the ASA should search the Flash for an image to use

Make sure you have an ASDM imagine in the Flash memory with

dir flash:

- Jouni

Super Bronze

Re: ASDM access for alreday configured ASA5505

Hi,

I dont really personally use the ASDM for anything  else than monitoring the device sometimes and configuring some VPN  related settings.

If you are going to change the "inside" interface IP address I think you might want to do this change through  console cable connection to CLI since your ASDM connection will  naturally be cut off since you are changing the IP address to which you  are connected. I would imagine that at the very least you would need to  reconnect if you were doing this through ASDM. If you were changing the  whole subnet of the "inside" interface then you would need to modify other configurations too.

I think you should be able to configure both the VPN  Client and L2L VPN connection through the wizards. If there is any  problem with the connections then those problems are best solved through  CLI in my opinion.

With regards to the "username" configurations

First  you should create the needed usernames on the ASA and only then  activate the "aaa authentication" for the type of management connetions  you need. Your above example is for the ASDM management.

- Jouni

Super Bronze

ASDM access for alreday configured ASA5505

Hi,

Yes, that should be fine to create a "username" configurations for a firewall admin as its specified with the maximum privilege level 15.

- Jouni

6 REPLIES
Super Bronze

ASDM access for alreday configured ASA5505

Hi,

Try issuing the command

http server enable

I dont see it in the above output you posted

Even though you have not specified the ASDM image to be used the ASA should search the Flash for an image to use

Make sure you have an ASDM imagine in the Flash memory with

dir flash:

- Jouni

New Member

Re: ASDM access for alreday configured ASA5505

Thanks Dear,

I am configuring VPN using a link at http://www.youtube.com/watch?v=lGbsQJOxjsI

Few questions:

1. now I can access ASDM using https://192.168.1.1 and I want to change default IP to some other IP in my network subnet. Do I have to change inside IP by going to start up wizard in ASDM???

2. after site-to-site VPN configuration and I want to set up remote VPN or any client VPN so users moving around can access the main site. Is it possible first I can configure site to site VPN using ASDM site-to-site VPN wizard then I can run remote VPN wizard using ASDM?? Please advise??

3. "how to create an username

username jcarvaja password cisco priv 15 aaa authentication http console LOCAL" -- I will assign username and password using CLI and ASA connected with console cable.

But for using ASDM I don’t need to connect by console cable, right?? I can use simple network cable connected to ASA??

Thanks for all your help!

Thx,

Sap

Super Bronze

Re: ASDM access for alreday configured ASA5505

Hi,

I dont really personally use the ASDM for anything  else than monitoring the device sometimes and configuring some VPN  related settings.

If you are going to change the "inside" interface IP address I think you might want to do this change through  console cable connection to CLI since your ASDM connection will  naturally be cut off since you are changing the IP address to which you  are connected. I would imagine that at the very least you would need to  reconnect if you were doing this through ASDM. If you were changing the  whole subnet of the "inside" interface then you would need to modify other configurations too.

I think you should be able to configure both the VPN  Client and L2L VPN connection through the wizards. If there is any  problem with the connections then those problems are best solved through  CLI in my opinion.

With regards to the "username" configurations

First  you should create the needed usernames on the ASA and only then  activate the "aaa authentication" for the type of management connetions  you need. Your above example is for the ASDM management.

- Jouni

New Member

Re: ASDM access for alreday configured ASA5505

Thanks Jouni, it worked

I have changed username and password by this command: username ----------  password ---------------- priv 15

is it right???

Thanks for letting me know

thx

Sap

Super Bronze

ASDM access for alreday configured ASA5505

Hi,

Yes, that should be fine to create a "username" configurations for a firewall admin as its specified with the maximum privilege level 15.

- Jouni

New Member

ASDM access for alreday configured ASA5505

Thanks Jouni,

one more issue:

 

Now I have other ASA and config as below:

dyt2asa# sh ip

System IP Addresses:

Interface               Name                   IP address     Subnet mask     Method

Vlan2                   outside               192.168.0.35   255.255.255.0   DHCP

Current IP Addresses:

Interface               Name                   IP address     Subnet mask     Method

Vlan2                   outside               192.168.0.35   255.255.255.0   DHCP

dyt2asa# sh run http

http server enable

http Site-Cambridge-Subnets 255.255.255.0 inside

dyt2asa#

why it is not showing inside IP?? I have assigned " http IP 255.255.255.0 inside"  but can not access ASDM for this ASA??

Please advice

thx,

Sap

458
Views
0
Helpful
6
Replies
CreatePlease login to create content