Welcome back to our weekly series of videos, in which Intense School Resources gives you a step-by-step guide to a common problem or modification that will help you with your certification studies.
CCNA Training – Resources (Intense)
In this video, I will walk you through how to set up and use the Cisco Adaptive Security Device Manager (ASDM) to manage a Cisco ASA running in GNS3. It is approximately 10 minutes in length, so budget your time accordingly so you can watch from beginning to end.
For more information on setting up ASDM on this Cisco ASA in GNS3, please see our related article (Setting up ASDM on the Cisco ASA in GNS3), which includes free downloadable GNS3 files for you to work with. Combined with the video, it’s an immersive experience that will help you cement your knowledge of ASDM.
Thanks for watching! I’ll see you again very soon. If you have any questions or comments, or would like to suggest a topic, please feel free to do so in comments.
One of the things people want to know while using the cisco ASA in GNS3 is how to manage that ASA using ASDM. And that’s where we will be looking at now. There are three basic things that we need to do to get the job done. A partly configured ASA, a TFTP server, and of course the ASDM image.
Let’s begin with a setup. Just bring a ASA here. This switch, and a cloud. This cloud will be both my TSTP SW1 and also the host from where you will run the host from. So I am just going to configure, it’s going to my system. Alright, I can use my virtual box. You can use any of these adapters. I will use my virtual box because I can always configure it. And one thing I can do is also change my symbol so it looks like a host. So let’s look for that here. Host. Yeah click here, apply, ok. Alright! Now the reason I have a switch in between is because you cannot directly connect a host to ASA. You need to use a switch In between.
So, just connect this to the switch, the switch is just the basic Ethernet switch, that’s the one here! And then, I want to use my inside interface. Alright, so I am just going to start that and then we will configure it. I’d pause the video while the ASA starts up.
Ok now we are going to configure the ASA, there is no default password. The first thing I would do is to make sure that the host and the ASA have connection. So I am going to configure that interface. I’ll use my int1 or gi1 interface. nameif inside, ip address, I am going to put it in 56.0 subnet. 255 0. Because the virtual box is on 56.0/24. now we are going to check this, ipconfig. As you can see the virtual box host-only adapter that we are using is on 56.1. so let me, just make sure that I can ping that….56.1. Cool! So we have connection. So what we want to do is to add the ASDM image to ASA. There are various methods you can use to do this you can use HTTP, you can use FTP and you can use TFTP but I like using TFTP. I have a TFTP server that I like using. Its 3CDaemon, its very simple to use. Its TFTP, FTP, Syslog server. So you can always use this. As you can see when 3CDaemon starts it listens for TFTP requests on all IP addresses you have on your system. So, 0.6 is my wifi, 56.1 is the one we are using, that is virtual box adapter, the 220 are my VMware adapters.
First you need to configure it then point it to the location where we have the ASDM image. I have the ASDM image on my documents, gns3 and I have it under IOS. So I will just select that, OK, apply, yes, OK.
Just to show you that I have the ASDM here, so that’s the ASDM- 713.bin. We need this name so that I can as well copy it. And now we come back to the ASA. So what we are going to do, we are going to use TFTP. I will copy it to the flash also called as the disk0. So We could have used “copy tftp flash”. Enter, and now it is asking for the address of the remote host which is 192.168.56.1. Source filename I am just going to paste that here and the destination filename is also going to be the same. So Okay! It s copying and if I go back to the 3CDaemon you can see the number of bytes copying. I am going to wait for it to finish so I will pause this video, when its done I am going to come back.
So now its done here. It has finished and I can go back to the ASA. We can see the number of bytes copied and stuff like that. If we check the flash, you can see the ASDM image here. So we want to point this ASA to the location of the ASDM image. For that we will use the “asdm image” and we can specify the path where the ASDM image is. Now that’s going to be disk0 and then ASDM this. Alright!
So, if we check our show version, scroll up as you can see the device manager version 7.1.3 which is what we uploaded. But before we can connect to ASDM on this ASA, there are some things we need to do.
The first thing we need to do is configure username and password. So let’s just say, “username asdm password asdm” of course it is not a strong password; it’s just for educational purposes. Another thing we need to do is setup the HTTPS server. It’s not enabled by default so, if I do show run HTTP, there is nothing there. So, we need to enable the HTTP server. Enable. So, “http server enable”. And we also need to specify the addresses that can connect to this ASA – that can manage it using ASDM.
We use the HTTP command and we can specify the IP address or (this is IPv6) so, I am just going to use, 56. I can use the entire 56.0 or let me say I want to use just one system so, 56.1 and then you can specify the netmask. 255.255.255.255 and then now we need to specify, the interface on which that address can come from or on which this ASA can be managed and that’s going to be on the inside interface. Right?
To run ASDM, I’ll just open a web browser and then we will go to “https://192.168.56.10”, it has to be HTTPS; if you use HTTP it won’t work, and then I am going to get this connection is not private or whatever; maybe certificate warning. That’s because the ASA is using a self-signed certificate. Just click on “Advance” and proceed.
So I am presented with this, I have ASDM and I have two options of running it. I can either run it as a local application meaning it is installed, or I run ASDM as a java web start application. Now I have found that local java application gives some issues maybe because of the Java version I was using, so what I just do is run ASDM. I am going to run it as a java web start application.
But let’s see if this works, I am going to click on install ASDM launcher and I get this. It asks for a username and a password. So I have configured “asdm” “asdm”; login. So it is going to download this DM launcher and we can install it. Next, finish. So it is going to ask for device IP address, username and password. The device IP address used is 56.10, username is “asdm” password is “asdm”Okay.
Now this was the error I used to get. Unable to launch device manager from 192.168.56.10. I think it had something to do with the java version. You just click on Ok and close that. Now another method which we can use, which works is run ASDM. We are just going to click it. Click on that. So I’m still using java 7. Maybe it has been updated with the java 8, I am not sure. Now it’s going to ask me to continue with the website because of its certificates. We click on more information, we can view the certification details. Basically, this was generated by the ASA.
So close. Close, I am just going to continue, run. As we can see this is quite similar to the one we had before except that we don’t have the IP address field anymore. So, username is “asdm”, password is “asdm”, okay. Now this is loading cached software.
So, this works while the other one doesn’t works. Maybe with the new version of java, it has been fixed, I am not really sure. And here we have our ASDM. The host name “ciscoasa”, ASA version 8.4(2), ASDM version 7.1 and you have other things like that.
So now you can play around. Use different wizards… VPN wizards, and things like that. So that’s basically how to setup the ASDM on the ASA. I hope you have found this video insightful and look forward to sharing knowledge in other videos.