Solved

asdm software

Posted on 2010-11-21
Last Modified: 2012-05-10
I need ASDM software for ASA firewall configuration. How can I install and configure the ASDM software? How can I access the ASA, switches and router through the ASDM software? Please send solutions.
Question by:nisartlaa
14 Comments
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184303
ASDM can be downloaded from the firewall from the Management Interface.  It describes it in detail in the FW install instructions.  
0
 

Author Comment

by:nisartlaa
ID: 34184318
Can you send the link for downloading the ASDM software, please?
0
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184339
The software can only be obtained if you have a valid smartnet support contract.  Further, it has to be compatible with the version of PIX software that you have.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34184373
Go to https://192.168.1.1 (by default)
There you will see an option to install the ASDM

** 192.168.1.1 is the default IP address of ASA devices
0
 

Author Comment

by:nisartlaa
ID: 34185543
I have an ASA server with IP address 172.16.3.1. When I try from the web interface, it's not working. So how do I enable access through the web interface on the ASA? Please send me solutions.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34186013
Can you post your "sh run" and "sh flash"?
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34186796
If the firewall is no longer running at factory default, you need to allow access from the 172.16.3.0 network (or a specific host) for administration via ASDM. In the command line you need to put in:
http 172.16.3.0 255.255.255.0 inside
0
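An added example (not from any poster in this thread): a Python check of which `http`/`telnet`/`ssh` management-access lines admit a given client address, using the `<service> <network> <mask> <interface>` form shown above. The sample lines are copied from the running-config posted in this thread; the function names and the /24 breadth threshold are assumptions of this example.

```python
import ipaddress

# Management-access lines copied from the running-config posted in this thread.
SAMPLE_CONFIG = """\
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
telnet 172.16.0.0 255.255.0.0 Inside-Data
telnet 0.0.0.0 0.0.0.0 Outside
telnet timeout 5
ssh timeout 5
"""

def parse_mgmt_rules(config):
    """Return (service, network, nameif) for each '<svc> <net> <mask> <nameif>' line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("http", "telnet", "ssh"):
            continue  # skips 'http server enable', 'telnet timeout 5', etc.
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        rules.append((parts[0], net, parts[3]))
    return rules

def allowed_for(rules, client_ip):
    """List (service, nameif) pairs whose source network contains client_ip.
    The client must also arrive on that named interface for the rule to apply."""
    ip = ipaddress.ip_address(client_ip)
    return sorted((svc, ifc) for svc, net, ifc in rules if ip in net)

def audit(config, min_prefix=24):
    """Flag a disabled HTTPS server and source networks broader than min_prefix
    (the /24 default is an assumption of this example, not a Cisco rule)."""
    findings = []
    if not any(l.strip().startswith("http server enable") for l in config.splitlines()):
        findings.append("http server not enabled")
    for svc, net, ifc in parse_mgmt_rules(config):
        if net.prefixlen == 0:
            findings.append(f"{svc} permitted from any address on {ifc}")
        elif net.prefixlen < min_prefix:
            findings.append(f"{svc} on {ifc} admits all of {net}")
    return findings

if __name__ == "__main__":
    rules = parse_mgmt_rules(SAMPLE_CONFIG)
    print(allowed_for(rules, "172.16.3.51"))
    for finding in audit(SAMPLE_CONFIG):
        print("finding:", finding)
```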

Author Comment

by:nisartlaa
ID: 34186935
It's a running system; everything is working properly. I want to access it via the web interface with the ASDM software.

0
 

Author Comment

by:nisartlaa
ID: 34186956
As per your request, I am attaching sh flash and sh run.

sh fla

 ASA-SMS#      sh flash:
--#--  --length--  -----date/time------  path
  199  14137344    Jan 01 2003 03:06:02  asa804-k8.bin
  200  4096        Jan 01 1980 03:00:00  FSCK0000.REC
   75  4096        Mar 14 2009 15:13:50  log
   79  4096        Mar 14 2009 15:14:04  crypto_archive
  201  7562988     Mar 14 2009 15:15:38  asdm-613.bin
  203  20480       Jan 01 1980 03:00:00  FSCK0001.REC
  204  4863904     Mar 14 2009 15:17:20  securedesktop_asa_3_3_0_129.pkg.zip
  205  4096        Mar 14 2009 15:17:20  sdesktop
  230  1462        Mar 14 2009 15:17:20  sdesktop/data.xml
  206  2153936     Mar 14 2009 15:17:22  anyconnect-win-2.2.0133-k9.pkg
  207  3446540     Mar 14 2009 15:17:22  anyconnect-macosx-powerpc-2.2.0133-k9.pkg
  208  3412549     Mar 14 2009 15:17:26  anyconnect-macosx-i386-2.2.0133-k9.pkg
  209  3756345     Mar 14 2009 15:17:28  anyconnect-linux-2.2.0133-k9.pkg
  210  4096        Jan 01 1980 03:00:00  FSCK0002.REC
  211  24576       Jan 01 1980 03:00:00  FSCK0003.REC
  212  4096        Jan 01 1980 03:00:00  FSCK0004.REC
  213  4096        Jan 01 1980 03:00:00  FSCK0005.REC
  214  4096        Jan 01 1980 03:00:00  FSCK0006.REC
  215  4096        Jan 01 1980 03:00:00  FSCK0007.REC
  216  4096        Jan 01 1980 03:00:00  FSCK0008.REC
  217  4096        Jan 01 1980 03:00:00  FSCK0009.REC
  218  8192        Jan 01 1980 03:00:00  FSCK0010.REC
  219  8192        Jan 01 1980 03:00:00  FSCK0011.REC
  220  8192        Jan 01 1980 03:00:00  FSCK0012.REC
  221  20480       Jan 01 1980 03:00:00  FSCK0013.REC
  222  36864       Jan 01 1980 03:00:00  FSCK0014.REC
  223  32768       Jan 01 1980 03:00:00  FSCK0015.REC
  224  36864       Jan 01 1980 03:00:00  FSCK0016.REC
  225  4096        Jan 01 1980 03:00:00  FSCK0017.REC
  226  24576       Jan 01 1980 03:00:00  FSCK0018.REC
  227  4096        Jan 01 1980 03:00:00  FSCK0019.REC
  228  24576       Jan 01 1980 03:00:00  FSCK0020.REC
  229  4096        Jan 01 1980 03:00:00  FSCK0021.REC

255844352 bytes total (214523904 bytes free)

 ASA-SMS#


sh run
: Saved
:
ASA Version 8.0(4)
!
hostname ASA-SMS
domain-name SMS.COM
enable password kBI2AKOfWzdKl4za encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.2
 vlan 2
 nameif inside-NWMgt
 security-level 100
 ip address 172.16.2.1 255.255.255.0
!
interface Ethernet0/0.3
 vlan 3
 nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0
!
interface Ethernet0/0.110
 vlan 110
 nameif inside-Voice
 security-level 100
 ip address 172.16.110.1 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 speed 100
 duplex full
 nameif Outside
 security-level 0
 ip address 192.168.255.2 255.255.255.252
!
interface Management0/0
 speed 100
 duplex full
 nameif Mgt
 security-level 100
 no ip address
!
ftp mode passive
clock timezone AST 3
dns server-group DefaultDNS
 domain-name SMS.COM
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network AllowAll
 network-object host 172.16.3.51
 network-object host 172.16.3.211
 network-object host 172.16.3.250
 network-object host 172.16.3.55
 network-object host 172.16.3.143
 network-object host 172.16.3.91
 network-object host 172.16.110.25
 network-object host 172.16.110.45
 network-object host 172.16.110.54
 network-object host 172.16.110.65
 network-object host 172.16.3.147
 network-object host 172.16.3.81
 network-object host 172.16.110.31
 network-object host 172.16.3.5
 network-object host 172.16.110.38
 network-object host 172.16.3.203
 network-object host 172.16.3.71
 network-object host 172.16.110.49
 network-object host 172.16.3.111
 network-object host 172.16.3.6
 network-object host 172.16.110.23
 network-object host 172.16.3.10
 network-object host 172.16.110.36
 network-object host 172.16.3.210
 network-object host 172.16.3.200
 network-object host 172.16.3.8
 network-object host 172.16.3.86
 network-object host 172.16.110.41
 network-object host 172.16.110.39
 network-object host 172.16.110.42
 network-object host 172.16.3.201
 network-object host 172.16.3.65
 network-object host 172.16.3.126
 network-object host 172.16.3.3
 network-object host 172.16.3.125
 network-object host 172.16.3.80
 network-object host 172.16.3.134
 network-object host 172.16.3.98
 network-object host 172.16.3.4
 network-object host 172.16.3.150
 network-object host 172.16.3.122
 network-object host 172.16.3.118
 network-object host 172.16.3.7
 network-object host 172.16.3.69
 network-object host 172.16.3.77
 network-object host 172.16.3.105
 network-object host 172.16.3.204
 network-object host 172.16.3.137
object-group network WebProxy
 network-object host 172.16.3.202
object-group network MSN
 network-object host 172.16.3.51
object-group network YahooMessenger
 network-object host 172.16.3.51
 network-object host 172.16.3.65
object-group network GoogleTalk
 network-object host 172.16.3.41
object-group network Skype
 network-object host 172.16.3.51
 network-object host 172.16.3.81
object-group network Out-In-Allow
 network-object host 172.16.3.51
 network-object host 172.16.3.102
object-group network FTP-Data
 network-object host 172.16.3.41
 network-object host 172.16.3.51
 network-object host 172.16.3.70
 network-object host 172.16.3.211
 network-object host 172.16.3.102
 network-object host 172.16.3.143
 network-object host 172.16.3.203
 network-object host 172.16.3.134
 network-object host 172.16.3.201
 network-object host 172.16.3.91
 network-object host 172.16.3.7
 network-object host 172.16.3.65
object-group network Block-All
access-list AclIn extended permit tcp host 172.16.3.211 any eq domain
access-list AclIn extended permit tcp any any eq 2000
access-list AclIn extended permit udp any any eq 2000
access-list AclIn extended permit udp any any eq 2001
access-list AclIn extended permit udp any any eq 56543
access-list AclIn extended permit udp any any eq 62296
access-list AclIn extended permit tcp object-group WebProxy any eq www
access-list AclIn extended permit tcp object-group WebProxy any eq https
access-list AclIn extended permit tcp host 172.16.3.201 any
access-list AclIn extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list AclIn extended permit tcp any any eq smtp
access-list AclIn extended permit tcp any any eq pop3
access-list AclIn extended permit tcp any any eq imap4
access-list AclIn extended permit icmp any any
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp-data
access-list AclIn extended permit icmp object-group AllowAll any
access-list AclIn extended permit ip object-group AllowAll any
access-list AclIn extended permit tcp object-group MSN any eq 1863
access-list AclIn extended permit tcp object-group YahooMessenger any eq 5050
access-list AclIn extended permit tcp object-group GoogleTalk any eq 5222
access-list AclIn extended permit tcp object-group Skype any gt 1024
access-list AclIn extended permit udp object-group Skype any gt 1024
access-list AclIn extended deny udp any any
access-list AclIn extended deny tcp any any
access-list AclIn extended permit tcp host 172.16.3.202 any
access-list Aclout extended permit ip any any
access-list Aclout extended permit ip 172.17.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list Aclout extended permit ip 192.168.255.0 255.255.255.252 172.16.0.0 255.255.0.0
access-list Aclout extended permit gre any host 87.101.232.190
access-list Aclout extended permit tcp any host 87.101.232.190 eq pptp
access-list Aclout extended permit ip any host 87.101.232.189
access-list Aclout extended permit icmp any any
access-list Aclout extended permit tcp any any eq telnet
access-list Aclout extended deny udp any any
access-list Aclout extended deny tcp any any
access-list Aclout extended permit ip any host 87.101.232.188
access-list NAT-inside extended permit ip 172.16.3.0 255.255.255.0 any
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 192.168.255.0 255.255.255.0
access-list Aclin extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging trap informational
logging device-id ipaddress Inside-Data
logging host Inside-Data 172.16.3.211 17/1514
mtu inside-NWMgt 1500
mtu Inside-Data 1500
mtu inside-Voice 1500
mtu Outside 1500
mtu Mgt 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 87.101.232.185 netmask 255.255.255.255
nat (Inside-Data) 0 access-list NoNAT-inside
nat (Inside-Data) 1 access-list NAT-inside
static (Inside-Data,Outside) 87.101.232.189 172.16.3.250 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.190 172.16.3.211 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.188 172.16.3.5 netmask 255.255.255.255
access-group AclIn in interface inside-NWMgt
access-group AclIn in interface Inside-Data
access-group AclIn in interface inside-Voice
access-group Aclout in interface Outside
route Outside 0.0.0.0 0.0.0.0 192.168.255.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 172.16.0.0 255.255.0.0 Inside-Data
telnet 0.0.0.0 0.0.0.0 Outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd option 150 ip 192.168.255.1
!
dhcpd address 172.16.110.21-172.16.110.200 inside-Voice
dhcpd enable inside-Voice
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.16.3.211 source Inside-Data
username admin password hRbN/mprmsdqRIkf encrypted privilege 15
username Administrator password RDGPLJY5fLYSv2a5 encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d557d46ec89df4c99d0e0ffe83e34a4d
: end

 ASA-SMS#      
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34186995
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34187001
OK, as far as I see you have problems with masks.

This must change
http 172.16.0.0 255.255.0.0 Inside-Data

in

http 172.16.3.0 255.255.255.0 Inside-Data

because the inside interface is

  nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0

then attempt to https://172.16.3.1
0
 
LVL 3

Accepted Solution

by:
uniplast earned 500 total points
ID: 34187012
You have asdm-613.bin on your ASA and it's not a problem :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34187030
To access your ASDM from inside:

https://172.16.3.1

Leave the username blank and enter the enable password. Make sure you're NOT going through a proxy server and that you have Java installed.
0
 

Author Comment

by:nisartlaa
ID: 34187185
One more thing: I can see the interface status: inside-data 287 kbps, inside-voice 370 kbps and outside 685 kbps. Can I identify which IP address is utilizing the bandwidth? If it is possible, I can easily find out which users are misusing the internet. So please help me with this also.

firewallstatus.doc
0
