Solved

asdm software

Posted on 2010-11-21
Last Modified: 2012-05-10
I need ASDM software for ASA firewall configuration. How can I install and configure ASDM software? How can I access the ASA, switches and router through ASDM software? Please send solutions.
Question by:nisartlaa
14 Comments
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184303
ASDM can be downloaded from the firewall from the Management Interface.  It describes it in detail in the FW install instructions.  
0
 

Author Comment

by:nisartlaa
ID: 34184318
Can you send the link for downloading the ASDM software, please?
0
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184339
The software can only be obtained if you have a valid smartnet support contract.  Further, it has to be compatible with the version of PIX software that you have.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34184373
Go to https://192.168.1.1 (by default)
There you will see an option to install the ASDM

** 192.168.1.1 is the default IP address of ASA devices
0
 

Author Comment

by:nisartlaa
ID: 34185543
I have an ASA server with IP address 172.16.3.1. When I try from the web interface, it's not working. So how do I enable access through the web interface on the ASA? Please send me solutions.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34186013
Can you post your "sh run" and "sh flash"?
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34186796
If the firewall is no longer running at factory default, you need to allow access from the 172.16.3.0 network (or a specific host) for administration via ASDM. In the command line you need to put in:
http 172.16.3.0 255.255.255.0 inside
0
 

Author Comment

by:nisartlaa
ID: 34186935
It's a running system. Everything is working properly. I want to access it via the web interface with the ASDM software.

0
 

Author Comment

by:nisartlaa
ID: 34186956
As per your request, I am attaching sh flash and sh run.

sh fla

 ASA-SMS#      sh flash:
--#--  --length--  -----date/time------  path
  199  14137344    Jan 01 2003 03:06:02  asa804-k8.bin
  200  4096        Jan 01 1980 03:00:00  FSCK0000.REC
   75  4096        Mar 14 2009 15:13:50  log
   79  4096        Mar 14 2009 15:14:04  crypto_archive
  201  7562988     Mar 14 2009 15:15:38  asdm-613.bin
  203  20480       Jan 01 1980 03:00:00  FSCK0001.REC
  204  4863904     Mar 14 2009 15:17:20  securedesktop_asa_3_3_0_129.pkg.zip
  205  4096        Mar 14 2009 15:17:20  sdesktop
  230  1462        Mar 14 2009 15:17:20  sdesktop/data.xml
  206  2153936     Mar 14 2009 15:17:22  anyconnect-win-2.2.0133-k9.pkg
  207  3446540     Mar 14 2009 15:17:22  anyconnect-macosx-powerpc-2.2.0133-k9.pkg
  208  3412549     Mar 14 2009 15:17:26  anyconnect-macosx-i386-2.2.0133-k9.pkg
  209  3756345     Mar 14 2009 15:17:28  anyconnect-linux-2.2.0133-k9.pkg
  210  4096        Jan 01 1980 03:00:00  FSCK0002.REC
  211  24576       Jan 01 1980 03:00:00  FSCK0003.REC
  212  4096        Jan 01 1980 03:00:00  FSCK0004.REC
  213  4096        Jan 01 1980 03:00:00  FSCK0005.REC
  214  4096        Jan 01 1980 03:00:00  FSCK0006.REC
  215  4096        Jan 01 1980 03:00:00  FSCK0007.REC
  216  4096        Jan 01 1980 03:00:00  FSCK0008.REC
  217  4096        Jan 01 1980 03:00:00  FSCK0009.REC
  218  8192        Jan 01 1980 03:00:00  FSCK0010.REC
  219  8192        Jan 01 1980 03:00:00  FSCK0011.REC
  220  8192        Jan 01 1980 03:00:00  FSCK0012.REC
<--- More --->
               
   221  20480       Jan 01 1980 03:00:00  FSCK0013.REC
  222  36864       Jan 01 1980 03:00:00  FSCK0014.REC
  223  32768       Jan 01 1980 03:00:00  FSCK0015.REC
  224  36864       Jan 01 1980 03:00:00  FSCK0016.REC
  225  4096        Jan 01 1980 03:00:00  FSCK0017.REC
  226  24576       Jan 01 1980 03:00:00  FSCK0018.REC
  227  4096        Jan 01 1980 03:00:00  FSCK0019.REC
  228  24576       Jan 01 1980 03:00:00  FSCK0020.REC
  229  4096        Jan 01 1980 03:00:00  FSCK0021.REC

255844352 bytes total (214523904 bytes free)

 ASA-SMS#


sh run
: Saved
:
ASA Version 8.0(4)
!
hostname ASA-SMS
domain-name SMS.COM
enable password kBI2AKOfWzdKl4za encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.2
 vlan 2
 nameif inside-NWMgt
 security-level 100
 ip address 172.16.2.1 255.255.255.0
!
interface Ethernet0/0.3
 vlan 3
<--- More --->
               
  nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0
!
interface Ethernet0/0.110
 vlan 110
 nameif inside-Voice
 security-level 100
 ip address 172.16.110.1 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
<--- More --->
               
 interface Ethernet0/3
 speed 100
 duplex full
 nameif Outside
 security-level 0
 ip address 192.168.255.2 255.255.255.252
!
interface Management0/0
 speed 100
 duplex full
 nameif Mgt
 security-level 100
 no ip address
!
ftp mode passive
clock timezone AST 3
dns server-group DefaultDNS
 domain-name SMS.COM
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network AllowAll
 network-object host 172.16.3.51
 network-object host 172.16.3.211
 network-object host 172.16.3.250
<--- More --->
               
  network-object host 172.16.3.55
 network-object host 172.16.3.143
 network-object host 172.16.3.91
 network-object host 172.16.110.25
 network-object host 172.16.110.45
 network-object host 172.16.110.54
 network-object host 172.16.110.65
 network-object host 172.16.3.147
 network-object host 172.16.3.81
 network-object host 172.16.110.31
 network-object host 172.16.3.5
 network-object host 172.16.110.38
 network-object host 172.16.3.203
 network-object host 172.16.3.71
 network-object host 172.16.110.49
 network-object host 172.16.3.111
 network-object host 172.16.3.6
 network-object host 172.16.110.23
 network-object host 172.16.3.10
 network-object host 172.16.110.36
 network-object host 172.16.3.210
 network-object host 172.16.3.200
 network-object host 172.16.3.8
 network-object host 172.16.3.86
<--- More --->
               
  network-object host 172.16.110.41
 network-object host 172.16.110.39
 network-object host 172.16.110.42
 network-object host 172.16.3.201
 network-object host 172.16.3.65
 network-object host 172.16.3.126
 network-object host 172.16.3.3
 network-object host 172.16.3.125
 network-object host 172.16.3.80
 network-object host 172.16.3.134
 network-object host 172.16.3.98
 network-object host 172.16.3.4
 network-object host 172.16.3.150
 network-object host 172.16.3.122
 network-object host 172.16.3.118
 network-object host 172.16.3.7
 network-object host 172.16.3.69
 network-object host 172.16.3.77
 network-object host 172.16.3.105
 network-object host 172.16.3.204
 network-object host 172.16.3.137
object-group network WebProxy
 network-object host 172.16.3.202
object-group network MSN
<--- More --->
               
  network-object host 172.16.3.51
object-group network YahooMessenger
 network-object host 172.16.3.51
 network-object host 172.16.3.65
object-group network GoogleTalk
 network-object host 172.16.3.41
object-group network Skype
 network-object host 172.16.3.51
 network-object host 172.16.3.81
object-group network Out-In-Allow
 network-object host 172.16.3.51
 network-object host 172.16.3.102
object-group network FTP-Data
 network-object host 172.16.3.41
 network-object host 172.16.3.51
 network-object host 172.16.3.70
 network-object host 172.16.3.211
 network-object host 172.16.3.102
 network-object host 172.16.3.143
 network-object host 172.16.3.203
 network-object host 172.16.3.134
 network-object host 172.16.3.201
 network-object host 172.16.3.91
 network-object host 172.16.3.7
<--- More --->
               
  network-object host 172.16.3.65
object-group network Block-All
access-list AclIn extended permit tcp host 172.16.3.211 any eq domain
access-list AclIn extended permit tcp any any eq 2000
access-list AclIn extended permit udp any any eq 2000
access-list AclIn extended permit udp any any eq 2001
access-list AclIn extended permit udp any any eq 56543
access-list AclIn extended permit udp any any eq 62296
access-list AclIn extended permit tcp object-group WebProxy any eq www
access-list AclIn extended permit tcp object-group WebProxy any eq https
access-list AclIn extended permit tcp host 172.16.3.201 any
access-list AclIn extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list AclIn extended permit tcp any any eq smtp
access-list AclIn extended permit tcp any any eq pop3
access-list AclIn extended permit tcp any any eq imap4
access-list AclIn extended permit icmp any any
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp-data
access-list AclIn extended permit icmp object-group AllowAll any
access-list AclIn extended permit ip object-group AllowAll any
access-list AclIn extended permit tcp object-group MSN any eq 1863
access-list AclIn extended permit tcp object-group YahooMessenger any eq 5050
access-list AclIn extended permit tcp object-group GoogleTalk any eq 5222
access-list AclIn extended permit tcp object-group Skype any gt 1024
<--- More --->
               
 access-list AclIn extended permit udp object-group Skype any gt 1024
access-list AclIn extended deny udp any any
access-list AclIn extended deny tcp any any
access-list AclIn extended permit tcp host 172.16.3.202 any
access-list Aclout extended permit ip any any
access-list Aclout extended permit ip 172.17.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list Aclout extended permit ip 192.168.255.0 255.255.255.252 172.16.0.0 255.255.0.0
access-list Aclout extended permit gre any host 87.101.232.190
access-list Aclout extended permit tcp any host 87.101.232.190 eq pptp
access-list Aclout extended permit ip any host 87.101.232.189
access-list Aclout extended permit icmp any any
access-list Aclout extended permit tcp any any eq telnet
access-list Aclout extended deny udp any any
access-list Aclout extended deny tcp any any
access-list Aclout extended permit ip any host 87.101.232.188
access-list NAT-inside extended permit ip 172.16.3.0 255.255.255.0 any
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 192.168.255.0 255.255.255.0
access-list Aclin extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging trap informational
<--- More --->
               
 logging device-id ipaddress Inside-Data
logging host Inside-Data 172.16.3.211 17/1514
mtu inside-NWMgt 1500
mtu Inside-Data 1500
mtu inside-Voice 1500
mtu Outside 1500
mtu Mgt 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 87.101.232.185 netmask 255.255.255.255
nat (Inside-Data) 0 access-list NoNAT-inside
nat (Inside-Data) 1 access-list NAT-inside
static (Inside-Data,Outside) 87.101.232.189 172.16.3.250 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.190 172.16.3.211 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.188 172.16.3.5 netmask 255.255.255.255
access-group AclIn in interface inside-NWMgt
access-group AclIn in interface Inside-Data
access-group AclIn in interface inside-Voice
access-group Aclout in interface Outside
route Outside 0.0.0.0 0.0.0.0 192.168.255.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
<--- More --->
               
 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 172.16.0.0 255.255.0.0 Inside-Data
telnet 0.0.0.0 0.0.0.0 Outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd option 150 ip 192.168.255.1
!
dhcpd address 172.16.110.21-172.16.110.200 inside-Voice
dhcpd enable inside-Voice
<--- More --->
               
 !
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.16.3.211 source Inside-Data
username admin password hRbN/mprmsdqRIkf encrypted privilege 15
username Administrator password RDGPLJY5fLYSv2a5 encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
<--- More --->
               
   inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d557d46ec89df4c99d0e0ffe83e34a4d
: end

 ASA-SMS#      
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34186995
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34187001
OK, as far as I can see, you have problems with masks.

This must change from
http 172.16.0.0 255.255.0.0 Inside-Data

to

http 172.16.3.0 255.255.255.0 Inside-Data

because the inside interface is

  nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0

Then try https://172.16.3.1
0
 
LVL 3

Accepted Solution

by:
uniplast earned 500 total points
ID: 34187012
You have asdm-613.bin on your ASA, so that's not the problem :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34187030
To access your ASDM from inside:

https://172.16.3.1

Leave the username blank and enter the enable password. Make sure you're NOT going through a proxy server and that you have Java installed.
0
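Added example, not part of any post in this thread: a short Python check that reads the `http`, `telnet` and `ssh` management-access lines of an ASA running config, reports whether a given client address is admitted on a given interface, and lists the lines that allow cleartext or any-source management. The config lines are copied from the `sh run` output posted above; the client addresses and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Management-access lines copied from the "sh run" output posted in this thread.
SAMPLE_CONFIG = """\
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
telnet 172.16.0.0 255.255.0.0 Inside-Data
telnet 0.0.0.0 0.0.0.0 Outside
telnet timeout 5
ssh timeout 5
"""

# <service> <network> <mask> <interface>; "telnet timeout 5" etc. do not match.
MGMT_RE = re.compile(
    r"^(http|telnet|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def parse_mgmt_rules(config):
    """Return a list of (service, network, interface) management rules."""
    rules = []
    for line in config.splitlines():
        m = MGMT_RE.match(line.strip())
        if m:
            svc, addr, mask, iface = m.groups()
            rules.append((svc, ipaddress.ip_network(f"{addr}/{mask}", strict=False), iface))
    return rules


def http_server_enabled(config):
    """ASDM needs the HTTPS server turned on as well as an http permit line."""
    return any(l.strip() == "http server enable" for l in config.splitlines())


def client_allowed(rules, service, client_ip, interface):
    """True if a rule for this service and interface (exact name) covers the client."""
    ip = ipaddress.ip_address(client_ip)
    return any(s == service and i == interface and ip in n for s, n, i in rules)


def findings(rules):
    """Flag management lines worth tightening: any-source or cleartext telnet."""
    out = []
    for svc, net, iface in rules:
        if net.prefixlen == 0:
            out.append(f"{svc} open to any source on {iface}")
        if svc == "telnet":
            out.append(f"telnet (cleartext) permitted from {net} on {iface}")
    return out
```

With the posted lines, a constructed client at 172.16.3.50 is admitted for `http` on Inside-Data, a client reaching the inside-Voice interface is not, and the `telnet 0.0.0.0 0.0.0.0 Outside` line is reported.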
 

Author Comment

by:nisartlaa
ID: 34187185
One more thing: I can see the interface status: inside-data 287 kbps, inside-voice 370 kbps and outside 685 kbps. Can I identify which IP address is utilizing the bandwidth? If that is possible, I can easily find out which users are misusing the internet. Please help me with this also.

firewallstatus.doc
0

Question has a verified solution.