
Cisco Adaptive Security Device Manager

Lesson 17

© 2007 Cisco Systems, Inc. All rights reserved. SNPA v5.0—17-1


ASDM Overview and Operating Requirements



What Is ASDM?

[Slide figure: a management host reaches the security appliance across the Internet through an SSL secure tunnel.]

ASDM is a browser-based configuration tool designed to help configure and monitor your security appliance.



ASDM Features

 Runs on a variety of platforms
 Implemented in Java to provide robust, real-time monitoring
 Works with SSL to ensure secure communication with the PIX security appliance
 Comes preloaded in flash memory on new Cisco ASA and Cisco PIX security appliances running Versions 7.2 and later
 ASDM sessions
– 5 ASDM sessions per unit (single mode) or context (multiple mode)
– 32 sessions per unit in multiple mode
 Operates on PIX 515E, 525, and 535* Security Appliances
 Operates on Cisco ASA 5505, 5510, 5520, 5540, and 5550 Security Appliances

* ASDM Version 5.2 is not supported on the PIX 501 or 506 Security Appliance.

ASDM Security Appliance Requirements

A security appliance must meet the following requirements to run ASDM:
 Activation key that enables DES or 3DES
 Supported Java plug-in
 Security appliance software version compatible with the ASDM software version you plan to use*
 Hardware model compatible with the ASDM software version you plan to use

* ASDM Version 5.2 requires Security Appliance Software Version 7.2.



ASDM Browser Requirements

To access ASDM from a browser, the following requirements must be met:
 JavaScript and Java must be enabled on the computer where the browser resides.
 SSL must be enabled in the browser.

Popup blockers may prevent ASDM from starting.



Supported Platforms

 Windows
 Sun Solaris
 Linux



Running ASDM

Run ASDM as a:
 Local application
 Java applet

[Slide screenshot callout: Launch Startup Wizard]



Preparing for ASDM



Configure the Security Appliance to Use ASDM

Before you can use ASDM, you need to enter the following information on the security appliance via a console terminal:
 Time
 Inside IP address
 Inside network mask
 Host name
 Domain name
 Enable the HTTP server on the security appliance
 IP addresses of hosts authorized to access the HTTP server

If more than one ASDM image is stored in the flash memory of your security
appliance, also specify the ASDM image to be used.



Setup Dialog

Pre-configure Firewall now through interactive prompts [yes]? <Enter>
Firewall Mode [Routed]:
Enable Password [<use current password>]: cisco123
Allow password recovery [yes] ?
Clock (UTC)
Year [2006]: <Enter>
Month [Sep]: <Enter>
Day [2]: <Enter>
Time [10:21:49]: <Enter>
Inside IP address: 10.0.1.1
Inside network mask: 255.255.255.0
Host name: asa1
Domain name: ciscoasa.com
IP address of host running Device Manager: 10.0.1.11
Use this configuration and write to flash? Y
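The preparation steps listed on the previous slide and the interactive setup dialog above, written out as the equivalent running configuration entered at the console. This is an added example and not part of the course material; the interface name (Ethernet0/1, as on an ASA 5510), the ASDM image filename and the enable password are assumptions, while the addresses, host name and domain name are the ones from the setup dialog.

```text
! Added example (not from the slides): CLI equivalent of the ASDM preparation steps.
! Assumed: inside interface Ethernet0/1; asdm-52.bin is a placeholder image name.
hostname asa1
domain-name ciscoasa.com
enable password cisco123
clock timezone UTC 0
clock set 10:21:49 Sep 2 2006
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
 no shutdown
!
! Management plane: enable the HTTPS server that ASDM talks to, but accept
! connections only from the single management host and only on the inside
! interface. A wider mask or an outside-facing entry here exposes the
! configuration interface to every host on that network.
http server enable
http 10.0.1.11 255.255.255.255 inside
!
! Only needed when more than one ASDM image is stored in flash.
asdm image disk0:/asdm-52.bin
!
write memory
!
! Verification after saving:
!   show running-config http   - confirms the authorised host and interface
!   show asdm image            - confirms which image ASDM sessions will load
```

The one line worth reviewing on any appliance is the `http <host> <mask> <interface>` entry: the setup dialog asks for a single host, and keeping the mask at 255.255.255.255 is what holds ASDM access to that host.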



Navigating ASDM Configuration Windows



ASDM Home Window

[Slide screenshot callouts: Menu bar; Main toolbar; Device Information (General, License); Interface Status; VPN Status; Traffic Status; System Resources; Syslog Messages]



ASDM Home Window (Cont.)

License tab



Startup Wizard

Startup Wizard
 Interfaces
 NAT and PAT
 Hostname
 Domain name
 Enable password



VPN Wizard

VPN Wizard
 Site-to-Site
 Remote Access

Note: Use Configuration > VPN to edit VPN connections.


High Availability and Scalability Wizard

High Availability and Scalability Wizard
 Active/Active Failover
 Active/Standby Failover
 VPN Cluster Load Balancing



Configuration Window

Configuration
 Interface
 Security Policy
 NAT
 VPN
 IPS or Trend Micro Content Security
 CSD Manager
 Routing
 Global Objects
 Properties



Interfaces

 IP address
– Static
– DHCP
 Same security level



Security Policy

 Access Rules
 AAA Rules
 Filter Rules
 Service Policy Rules



NAT

 Translation Rules
– NAT
– Policy NAT
– NAT exemption
– Maximum connections
– Embryonic connections
 NAT0



VPN

Edit VPN
 General
 IKE
 IPsec
 IP Address Management
 Load Balancing
 NAC
 WebVPN
 E-Mail Proxy

Note: Use the Remote Access or Site-to-Site VPN Wizard for new VPN connections.

VPN Policy Configuration

[Slide screenshot: VPN policy configuration tabs: General, IPsec, Client Configuration, Client Firewall, Hardware Client, NAC, WebVPN]



Cisco Secure Desktop
 Windows Location Settings
– VPN Feature Policy
– Keystroke Logger
– Cache Cleaner
– Secure Desktop General
– Secure Desktop Settings
– Secure Desktop Browser
 Windows CE
– VPN Feature Policy
 Mac and Linux Cache Cleaner
– VPN Feature Policy
– Cache Cleaner



Routing

 Static Routes
 Dynamic Routing
– OSPF
– RIP
 Multicast
– IGMP
– MRoute
– PIM
 Proxy ARPs



Global Objects

 Network Object Groups
 IP Names
 Service Groups
 Class Maps
 Inspect Maps
 Regular Expressions
 TCP Maps
 Time Ranges



Properties
 AAA Setup
 Anti-Spoofing
 ARP
 Auto Update
 Client Update
 Certificates
 Device Access
 Device Administration
 DHCP Services
 DNS
 High Availability and Scalability Wizard
 Failover
 Fragment
 History Metrics
 HTTP/HTTPS
and more



Monitoring Button

 Interfaces
 VPN
 IPS or Trend Micro Content Security
 Routing
 Properties
 Logging



Interface Graphs Panel

The Interface Graphs panel enables you to monitor per-interface statistics, such as bit rates, for each enabled interface on the security appliance.



Packet Tracer

Packet parameters:
 Interface
 Source IP
 Destination IP
 Source port
 Destination port

Trace phases:
 Flow lookup
 Route lookup
 Access list
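The same trace run from the CLI, with the five parameters the Packet Tracer panel asks for. This is an added example and not taken from the course slides; the flow is constructed (the management host from the setup dialog opening a web session to a server that is assumed to lie beyond the outside interface).

```text
! Added example (not from the slides): Packet Tracer driven from the CLI.
! Constructed flow: 10.0.1.11 (management host from the setup dialog) to an
! assumed web server 172.26.26.50 on TCP port 80, entering on "inside".
!
!   packet-tracer input <interface> <protocol> <src-ip> <src-port> <dst-ip> <dst-port>
packet-tracer input inside tcp 10.0.1.11 1025 172.26.26.50 80
!
! The trace reports each phase (flow lookup, route lookup, access list, NAT
! and so on) with its own result and ends with an overall allow or drop action.
! Two defensive uses: check a new access rule against a representative flow
! before it is applied, and attribute a dropped flow to the exact phase that
! rejected it instead of guessing from syslog alone.
```

Because the trace is evaluated against the running configuration, running it after each rule change, and again with a flow that should be denied, confirms both that intended traffic passes and that the rule does not open more than it should.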



Options > Preferences



Tools
 Command Line Interface
 Packet Tracer
 Ping
 Traceroute
 File Management
 Upgrade Software
 Upload ASDM Assistant Guide
 System Reload
 ASDM Java Console



Help
 Help Topics
 Help for Current Screen
 Release Notes
 Getting Started
 VPN 3000 Migration Guide
 Glossary
 Feature Matrix
 Feature Search
 How Do I?
 Icon Legend
 About Cisco Adaptive Security Appliance (ASA)
 About Cisco ASDM 5.2



Online Help



Navigating ASDM Multimode Windows



Multimode Home Page

System:
 Configuration
 Monitoring
Context:
 Configuration
 Monitoring



System Configuration

System Configuration:
 Interfaces
 Resource Class
 Security Contexts
 High Availability and Scalability Wizard
 Failover
 Properties



System Monitoring



Context Configuration

Context Configuration:
 Interfaces
 Security Policy
 NAT
 IPS or Trend Micro Content Security
 Routing
 Global Objects
 Properties



Context Monitoring

Context Monitoring:
 Interfaces
 IPS or Trend Micro Content Security
 Routing
 Properties
 Logging





Summary

 ASDM is a browser-based tool used to configure your security appliance.
 Minimal setup on the security appliance is required to run ASDM.
 ASDM contains several tools in addition to the GUI to help you configure your security appliance.
 The following ASDM wizards are available to simplify security appliance configuration:
– Startup Wizard: Walks you step by step through the initial configuration of the security appliance
– VPN Wizard: Walks you step by step through the creation of site-to-site and remote access VPNs
– High Availability and Scalability Wizard: Walks you step by step through the configuration of active/active failover, active/standby failover, and VPN cluster load balancing



Lab Visual Objective

[Lab topology diagram; addresses recovered from the figure text. Pods 1–5 use network number P, Pods 6–10 use Q.]
 Student PC hosting ASDM: 10.0.P.11 (Local) and 10.0.Q.11, on the inside networks 10.0.P.0 and 10.0.Q.0, which also carry RTS at .100
 ASA: .1 on 10.0.P.0, .1 on 172.16.P.0, .2 on 192.168.P.0 (likewise for Q)
 Bastion Host (Web, FTP): .2 on 172.16.P.0 and 172.16.Q.0
 RBB: .1 on 192.168.P.0 and 192.168.Q.0, .150 on 172.26.26.0
 Web/FTP server: 172.26.26.50


