Configure Cisco ASA Firewall for ASDM Access

ASDM (Adaptive Security Device Manager) is a GUI application that allows you to configure as well as monitor Cisco ASA Firewalls. In this article, we will discuss and configure Cisco ASA Firewall for ASDM access. Let’s start the discussion on ASDM and Cisco ASA.


Introduction to Cisco ASDM (Adaptive Security Device Manager)

ASDM is the GUI that Cisco provides to configure and manage Cisco ASA devices. It is based on Java, so Java must be installed on your system before you can use it.

It is cross-platform software, so you can run it on Windows, Linux, and macOS.

Cisco ASA Configuration for ASDM Access

I am assuming this is a factory reset device with no configuration. So, you must have serial console access to configure your Cisco ASA Firewall. Once you gain CLI access to the firewall you need the following configuration on Cisco ASA.

First of all, you need to check the ASDM image on Cisco ASA Firewall:

ciscoasa# show flash:
--#-- --length-- -----date/time------ path
23 0 Jul 21 2016 09:26:56 use_ttyS0
27 4096 May 30 2021 14:17:16 smart-log
28 2768 May 30 2021 14:17:46 smart-log/agentlog
24 4096 May 30 2021 14:16:14 log
26 0 May 30 2021 14:16:14 log/asa-appagent.log
61 4096 May 30 2021 14:17:22 coredumpinfo
62 59 May 30 2021 14:17:22 coredumpinfo/coredump.cfg
69 25819140 May 30 2021 15:10:27 asdm-76157.bin

The last entry in the output, asdm-76157.bin, is the Cisco ASDM image.

If you don’t have an ASDM image, you can download it from the official Cisco website. However, you must have a valid service contract associated with your Cisco.com user ID to download ASDM.

Once you have the Cisco ASDM image, you just need to upload it to the Cisco ASA flash via TFTP. When the upload finishes, execute the command below to tell the Cisco ASA which ASDM image to use. The file name in the command must match the image as it appears in the show flash: output on your device.

ciscoasa(config)# asdm image disk0:/asdm-731.bin

The next step is to configure the management interface of Cisco ASA. So, let’s continue.

Configuring the Management Interface of Cisco ASA Firewall for Management Access

Now, we will configure the Management interface on the Cisco ASA Firewall. Since the Management interface is used to manage the device, it is a trusted interface, so I’ll assign it a security level of 100.

ciscoasa# configure terminal
ciscoasa(config)# interface management 0/0
ciscoasa(config-if)# ip add 192.168.100.15 255.255.255.0
ciscoasa(config-if)# nameif mgmt
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# no shutdown

I’ve named the interface mgmt with the nameif command. However, you can choose any name that suits your requirements.

Enabling the HTTP access for ASDM

Once you have configured the management interface, you need to enable HTTP access for ASDM. Despite its name, the command below starts the ASA's HTTPS server, which is what ASDM connects to:

ciscoasa(config)# http server enable

We can restrict the network and interfaces that can access the Cisco ASA Firewall using ASDM. It will help to secure the management access to the firewall. By executing the below command, users with IP addresses from the 192.168.100.0/24 subnet can access the device.

ciscoasa(config)# http 192.168.100.0 255.255.255.0 mgmt

Now, we need to define the Users to get into Cisco ASA. So, let’s continue.

Configuring the Username and Password on Cisco ASA for ASDM

To log in to the Cisco ASA device, we need to configure a user account on the Cisco ASA Firewall. You can use the local user database or an AAA server such as RADIUS, TACACS+, or LDAP. In this example, we will use the local database to log in to the Cisco ASA.

To create a user account you need to execute the below command:

ciscoasa(config)# username iptrainer password iptra!ner privilege 15

If you want to use any other login method, you need to tell the firewall to check the credentials against an external server. If you continue with local credentials, you don’t need to execute the command below.

ciscoasa(config)# aaa authentication http console <AAA-SERVER-NAME>

We just finished the configuration with Cisco ASA Firewall. Now, it’s time to run the Cisco ASDM on your machine.
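To check the finished configuration, the following Python sketch (an added example, not part of the original article or any Cisco tool) parses a saved running-config and reports ASDM access entries that are missing or broader than the management-subnet rule used above. The function name audit_asdm_access, the finding labels, and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in running-config style; the last http entry is
# deliberately too broad so the audit has something to report.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif mgmt
 security-level 100
 ip address 192.168.100.15 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
asdm image disk0:/asdm-731.bin
http server enable
http 192.168.100.0 255.255.255.0 mgmt
http 0.0.0.0 0.0.0.0 outside
"""

# Matches "http <network> <mask> <interface-name>" allow entries.
HTTP_RULE = re.compile(r"http (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)")

def audit_asdm_access(config, min_level=100):
    """Return (finding, detail) tuples for broken or over-broad ASDM access."""
    levels, rules, nameif, findings = {}, [], None, []
    lines = [raw.strip() for raw in config.splitlines()]
    for line in lines:
        if line.startswith("interface "):
            nameif = None  # a new interface block begins
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[nameif] = int(line.split()[1])
        elif m := HTTP_RULE.fullmatch(line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            rules.append((net, m[3]))
    if not any(ln.startswith("http server enable") for ln in lines):
        findings.append(("SERVER_DISABLED", "http server enable is missing"))
    if not any(ln.startswith("asdm image ") for ln in lines):
        findings.append(("NO_ASDM_IMAGE", "asdm image is not set"))
    if not rules:
        findings.append(("NO_ALLOWED_SOURCES", "no http allow entry"))
    for net, ifname in rules:
        if net.prefixlen == 0:  # 0.0.0.0 0.0.0.0 admits any source address
            findings.append(("ANY_SOURCE", ifname))
        # An interface with no known security level is treated as untrusted.
        if levels.get(ifname, 0) < min_level:
            findings.append(("LOW_TRUST_INTERFACE", ifname))
    return findings
```

Calling audit_asdm_access(SAMPLE_CONFIG) flags only the outside entry; the article's own configuration produces no findings.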

Running the Cisco ASDM on Windows Machine

As we already discussed, ASDM is based on Java, so you need to install Java before running ASDM. If you don’t have Java installed on your system, go to Oracle’s Java website and install it.

Once you have finished installing Java, browse to the management IP address of the Cisco ASA firewall and log in with the credentials you defined.

You might get a certificate error warning. It appears because the ASA presents a self-signed certificate. For this connection to the device you have just configured, it is safe to click Continue to this website.

[Image: Cisco ASA certificate error]

Once you click on Continue to this website, you will get a screen that looks like the below image.

[Image: Cisco ASDM web login]

Now, you just need to click on Run ASDM to start ASDM. Once you click on Run ASDM, you will get warnings due to the self-signed certificate. There is no risk in accepting these warnings. ASDM will then ask for login credentials. These are the same credentials that we created earlier.

[Image: Cisco ASDM login window]

Once you log in with valid credentials, you will see the ASDM Dashboard shown below.

[Image: Cisco ASDM dashboard]

That’s it! We have successfully logged into the ASDM console.

Summary

In this article, we have discussed Cisco ASDM, a GUI application that Cisco offers to manage and monitor Cisco ASA Firewalls. We configured the Management interface, HTTP access, and login credentials on the Cisco ASA Firewall. With this configuration in place, we were able to access Cisco ASDM from a Windows machine. Note that the Java Runtime is required on the client machine to access the Cisco ASA using ASDM.
