
asdm software

Posted on 2010-11-21
Last Modified: 2012-05-10
I need ASDM software for ASA firewall configuration. How can I install and configure ASDM software? How can I access the ASA, switches and router through ASDM software? Please send solutions.
Question by:nisartlaa
14 Comments
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184303
ASDM can be downloaded from the firewall from the Management Interface.  It describes it in detail in the FW install instructions.  
0
 

Author Comment

by:nisartlaa
ID: 34184318
Can you send the link for downloading the ASDM software, please?
0
 
LVL 3

Expert Comment

by:scottbisker
ID: 34184339
The software can only be obtained if you have a valid smartnet support contract.  Further, it has to be compatible with the version of PIX software that you have.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34184373
Go to https://192.168.1.1 (by default)
There you will see an option to install the ASDM

** 192.168.1.1 is the default IP address of ASA devices
0
 

Author Comment

by:nisartlaa
ID: 34185543
I have ASA server IP address 172.16.3.1. When I try from the web interface, it's not working. So how do I enable access through the web interface on the ASA? Please send me solutions.
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34186013
Can you post your "sh run" and "sh flash"?
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34186796
If the firewall is no longer running at factory default, you need to allow access from the 172.16.3.0 network (or a specific host) for administration via ASDM. In the command line you need to put in:
http 172.16.3.0 255.255.255.0 inside
0
 

Author Comment

by:nisartlaa
ID: 34186935
It's a running system; everything is working properly. I want to access it via the web interface using ASDM software.

0
 

Author Comment

by:nisartlaa
ID: 34186956
As per your request, I am attaching sh flash and sh run.

sh fla

 ASA-SMS#      sh flash:
--#--  --length--  -----date/time------  path
  199  14137344    Jan 01 2003 03:06:02  asa804-k8.bin
  200  4096        Jan 01 1980 03:00:00  FSCK0000.REC
   75  4096        Mar 14 2009 15:13:50  log
   79  4096        Mar 14 2009 15:14:04  crypto_archive
  201  7562988     Mar 14 2009 15:15:38  asdm-613.bin
  203  20480       Jan 01 1980 03:00:00  FSCK0001.REC
  204  4863904     Mar 14 2009 15:17:20  securedesktop_asa_3_3_0_129.pkg.zip
  205  4096        Mar 14 2009 15:17:20  sdesktop
  230  1462        Mar 14 2009 15:17:20  sdesktop/data.xml
  206  2153936     Mar 14 2009 15:17:22  anyconnect-win-2.2.0133-k9.pkg
  207  3446540     Mar 14 2009 15:17:22  anyconnect-macosx-powerpc-2.2.0133-k9.pkg
  208  3412549     Mar 14 2009 15:17:26  anyconnect-macosx-i386-2.2.0133-k9.pkg
  209  3756345     Mar 14 2009 15:17:28  anyconnect-linux-2.2.0133-k9.pkg
  210  4096        Jan 01 1980 03:00:00  FSCK0002.REC
  211  24576       Jan 01 1980 03:00:00  FSCK0003.REC
  212  4096        Jan 01 1980 03:00:00  FSCK0004.REC
  213  4096        Jan 01 1980 03:00:00  FSCK0005.REC
  214  4096        Jan 01 1980 03:00:00  FSCK0006.REC
  215  4096        Jan 01 1980 03:00:00  FSCK0007.REC
  216  4096        Jan 01 1980 03:00:00  FSCK0008.REC
  217  4096        Jan 01 1980 03:00:00  FSCK0009.REC
  218  8192        Jan 01 1980 03:00:00  FSCK0010.REC
  219  8192        Jan 01 1980 03:00:00  FSCK0011.REC
  220  8192        Jan 01 1980 03:00:00  FSCK0012.REC
  221  20480       Jan 01 1980 03:00:00  FSCK0013.REC
  222  36864       Jan 01 1980 03:00:00  FSCK0014.REC
  223  32768       Jan 01 1980 03:00:00  FSCK0015.REC
  224  36864       Jan 01 1980 03:00:00  FSCK0016.REC
  225  4096        Jan 01 1980 03:00:00  FSCK0017.REC
  226  24576       Jan 01 1980 03:00:00  FSCK0018.REC
  227  4096        Jan 01 1980 03:00:00  FSCK0019.REC
  228  24576       Jan 01 1980 03:00:00  FSCK0020.REC
  229  4096        Jan 01 1980 03:00:00  FSCK0021.REC

255844352 bytes total (214523904 bytes free)

 ASA-SMS#


sh run
: Saved
:
ASA Version 8.0(4)
!
hostname ASA-SMS
domain-name SMS.COM
enable password kBI2AKOfWzdKl4za encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 speed 100
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/0.2
 vlan 2
 nameif inside-NWMgt
 security-level 100
 ip address 172.16.2.1 255.255.255.0
!
interface Ethernet0/0.3
 vlan 3
 nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0
!
interface Ethernet0/0.110
 vlan 110
 nameif inside-Voice
 security-level 100
 ip address 172.16.110.1 255.255.255.0
!
interface Ethernet0/1
 speed 100
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 speed 100
 duplex full
 nameif Outside
 security-level 0
 ip address 192.168.255.2 255.255.255.252
!
interface Management0/0
 speed 100
 duplex full
 nameif Mgt
 security-level 100
 no ip address
!
ftp mode passive
clock timezone AST 3
dns server-group DefaultDNS
 domain-name SMS.COM
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network AllowAll
 network-object host 172.16.3.51
 network-object host 172.16.3.211
 network-object host 172.16.3.250
 network-object host 172.16.3.55
 network-object host 172.16.3.143
 network-object host 172.16.3.91
 network-object host 172.16.110.25
 network-object host 172.16.110.45
 network-object host 172.16.110.54
 network-object host 172.16.110.65
 network-object host 172.16.3.147
 network-object host 172.16.3.81
 network-object host 172.16.110.31
 network-object host 172.16.3.5
 network-object host 172.16.110.38
 network-object host 172.16.3.203
 network-object host 172.16.3.71
 network-object host 172.16.110.49
 network-object host 172.16.3.111
 network-object host 172.16.3.6
 network-object host 172.16.110.23
 network-object host 172.16.3.10
 network-object host 172.16.110.36
 network-object host 172.16.3.210
 network-object host 172.16.3.200
 network-object host 172.16.3.8
 network-object host 172.16.3.86
 network-object host 172.16.110.41
 network-object host 172.16.110.39
 network-object host 172.16.110.42
 network-object host 172.16.3.201
 network-object host 172.16.3.65
 network-object host 172.16.3.126
 network-object host 172.16.3.3
 network-object host 172.16.3.125
 network-object host 172.16.3.80
 network-object host 172.16.3.134
 network-object host 172.16.3.98
 network-object host 172.16.3.4
 network-object host 172.16.3.150
 network-object host 172.16.3.122
 network-object host 172.16.3.118
 network-object host 172.16.3.7
 network-object host 172.16.3.69
 network-object host 172.16.3.77
 network-object host 172.16.3.105
 network-object host 172.16.3.204
 network-object host 172.16.3.137
object-group network WebProxy
 network-object host 172.16.3.202
object-group network MSN
 network-object host 172.16.3.51
object-group network YahooMessenger
 network-object host 172.16.3.51
 network-object host 172.16.3.65
object-group network GoogleTalk
 network-object host 172.16.3.41
object-group network Skype
 network-object host 172.16.3.51
 network-object host 172.16.3.81
object-group network Out-In-Allow
 network-object host 172.16.3.51
 network-object host 172.16.3.102
object-group network FTP-Data
 network-object host 172.16.3.41
 network-object host 172.16.3.51
 network-object host 172.16.3.70
 network-object host 172.16.3.211
 network-object host 172.16.3.102
 network-object host 172.16.3.143
 network-object host 172.16.3.203
 network-object host 172.16.3.134
 network-object host 172.16.3.201
 network-object host 172.16.3.91
 network-object host 172.16.3.7
 network-object host 172.16.3.65
object-group network Block-All
access-list AclIn extended permit tcp host 172.16.3.211 any eq domain
access-list AclIn extended permit tcp any any eq 2000
access-list AclIn extended permit udp any any eq 2000
access-list AclIn extended permit udp any any eq 2001
access-list AclIn extended permit udp any any eq 56543
access-list AclIn extended permit udp any any eq 62296
access-list AclIn extended permit tcp object-group WebProxy any eq www
access-list AclIn extended permit tcp object-group WebProxy any eq https
access-list AclIn extended permit tcp host 172.16.3.201 any
access-list AclIn extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list AclIn extended permit tcp any any eq smtp
access-list AclIn extended permit tcp any any eq pop3
access-list AclIn extended permit tcp any any eq imap4
access-list AclIn extended permit icmp any any
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp
access-list AclIn extended permit tcp object-group FTP-Data any eq ftp-data
access-list AclIn extended permit icmp object-group AllowAll any
access-list AclIn extended permit ip object-group AllowAll any
access-list AclIn extended permit tcp object-group MSN any eq 1863
access-list AclIn extended permit tcp object-group YahooMessenger any eq 5050
access-list AclIn extended permit tcp object-group GoogleTalk any eq 5222
access-list AclIn extended permit tcp object-group Skype any gt 1024
access-list AclIn extended permit udp object-group Skype any gt 1024
access-list AclIn extended deny udp any any
access-list AclIn extended deny tcp any any
access-list AclIn extended permit tcp host 172.16.3.202 any
access-list Aclout extended permit ip any any
access-list Aclout extended permit ip 172.17.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list Aclout extended permit ip 192.168.255.0 255.255.255.252 172.16.0.0 255.255.0.0
access-list Aclout extended permit gre any host 87.101.232.190
access-list Aclout extended permit tcp any host 87.101.232.190 eq pptp
access-list Aclout extended permit ip any host 87.101.232.189
access-list Aclout extended permit icmp any any
access-list Aclout extended permit tcp any any eq telnet
access-list Aclout extended deny udp any any
access-list Aclout extended deny tcp any any
access-list Aclout extended permit ip any host 87.101.232.188
access-list NAT-inside extended permit ip 172.16.3.0 255.255.255.0 any
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list NoNAT-inside extended permit ip 172.16.0.0 255.255.0.0 192.168.255.0 255.255.255.0
access-list Aclin extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging trap informational
logging device-id ipaddress Inside-Data
logging host Inside-Data 172.16.3.211 17/1514
mtu inside-NWMgt 1500
mtu Inside-Data 1500
mtu inside-Voice 1500
mtu Outside 1500
mtu Mgt 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 87.101.232.185 netmask 255.255.255.255
nat (Inside-Data) 0 access-list NoNAT-inside
nat (Inside-Data) 1 access-list NAT-inside
static (Inside-Data,Outside) 87.101.232.189 172.16.3.250 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.190 172.16.3.211 netmask 255.255.255.255
static (Inside-Data,Outside) 87.101.232.188 172.16.3.5 netmask 255.255.255.255
access-group AclIn in interface inside-NWMgt
access-group AclIn in interface Inside-Data
access-group AclIn in interface inside-Voice
access-group Aclout in interface Outside
route Outside 0.0.0.0 0.0.0.0 192.168.255.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 172.16.0.0 255.255.0.0 Inside-Data
telnet 0.0.0.0 0.0.0.0 Outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd option 150 ip 192.168.255.1
!
dhcpd address 172.16.110.21-172.16.110.200 inside-Voice
dhcpd enable inside-Voice
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.16.3.211 source Inside-Data
username admin password hRbN/mprmsdqRIkf encrypted privilege 15
username Administrator password RDGPLJY5fLYSv2a5 encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d557d46ec89df4c99d0e0ffe83e34a4d
: end

 ASA-SMS#      
0
 
LVL 3

Expert Comment

by:uniplast
ID: 34187001
OK, as far as I see you have problems with masks.

This must change
http 172.16.0.0 255.255.0.0 Inside-Data

to

http 172.16.3.0 255.255.255.0 Inside-Data

because the inside interface is

  nameif Inside-Data
 security-level 100
 ip address 172.16.3.1 255.255.255.0

then try https://172.16.3.1
0
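As an added example (not part of any poster's comment, and not Cisco tooling), the Python code below checks the settings the answers above depend on: `http server enable`, an `asdm image`, and an `http <network> <mask> <nameif>` statement that covers the client on an interface name that exists. The sample is an excerpt of the posted running-config; the function names and the exact-match comparison of interface names are assumptions of this example.

```python
import ipaddress

# Excerpt of the ASDM-relevant lines from the running-config posted above.
SAMPLE_CONFIG = """\
interface Ethernet0/0.3
 nameif Inside-Data
 ip address 172.16.3.1 255.255.255.0
interface Management0/0
 nameif Mgt
 no ip address
asdm image disk0:/asdm-613.bin
http server enable
http 172.16.0.0 255.255.0.0 Inside-Data
"""

def parse_asdm_settings(config):
    """Collect the settings that decide whether ASDM (HTTPS) access is possible."""
    s = {"server": False, "image": None, "nameifs": set(), "http": []}
    for raw in config.splitlines():
        t = raw.split()
        if t[:3] == ["http", "server", "enable"]:
            s["server"] = True
        elif t[:2] == ["asdm", "image"] and len(t) == 3:
            s["image"] = t[2]
        elif t[:1] == ["nameif"] and len(t) == 2:
            s["nameifs"].add(t[1])
        elif t[:1] == ["http"] and len(t) == 4:  # http <network> <mask> <nameif>
            try:
                net = ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False)
            except ValueError:
                continue  # not a network/mask pair, skip the line
            s["http"].append((net, t[3]))
    return s

def asdm_access_report(config, client_ip, nameif):
    """Return a list of problems; an empty list means the config permits the client."""
    s = parse_asdm_settings(config)
    problems = []
    if not s["server"]:
        problems.append("'http server enable' is missing")
    if s["image"] is None:
        problems.append("no 'asdm image' configured")
    if nameif not in s["nameifs"]:  # assumption: names compared exactly as written
        problems.append(f"interface name {nameif!r} is not defined")
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net and ifc == nameif for net, ifc in s["http"]):
        problems.append(f"no 'http' statement permits {client_ip} on {nameif}")
    return problems
```

Calling `asdm_access_report(SAMPLE_CONFIG, "172.16.3.51", "Inside-Data")` evaluates a host from the posted object groups against the `http` statement as posted; passing `"inside"` as the interface name shows the report for a nameif that this config does not define.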
 
LVL 3

Accepted Solution

by:
uniplast earned 2000 total points
ID: 34187012
You have asdm-613.bin on your ASA, and it's not a problem :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 34187030
To access your ASDM from inside:

https://172.16.3.1

Leave the username blank and enter the enable password - make sure you're NOT going through a proxy server and have Java installed.
0
 

Author Comment

by:nisartlaa
ID: 34187185
One more thing: I can see the interface status: inside-data 287 kbps, inside-voice 370 kbps and outside 685 kbps. So can I identify which IP address is utilizing bandwidth? If it is possible, I can easily find out which users are misusing the internet. So please help me with this also.

firewallstatus.doc
0
