• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2250
  • Last Modified:

Cisco ASDM configuration

Hello Experts,

i have a small problem with the ASDM software at 1 of our customers.
When adding a new rule i get the screen as shown in the screencapture below.
Rule dialogue [Customer]
This, by itself, is no problem.
However, our company uses the same type ASA as well.
When we add or modify a rule it looks like the screencapture below.
Rule dialogue [Office]
How can i configure the ASDM at the customer to show the same dialogue as our own ASDM?

The stats:
At the customer
Cisco Device: ASA 5510
Firmware version: 7.2(4)
ASDM version: 5.2(4)

At the office
Cisco Device: ASA 5510
Firmware version: 7.2(3)
ASDM version: 5.2(3)  

Both the server and the workstation from witch i launch the ASDM software use the latest JAVA version.
0
Mark2r
Asked:
Mark2r
  • 9
  • 8
2 Solutions
 
Ernie BeekCommented:
Looks like the customer is using ASDM as a local application and at the office it is run as a java web start application.
0
 
SouljaCommented:
My first guess it the customer's versions would need to match yours.
0
 
Mark2rAuthor Commented:
@erniebeek how would i run it as a webstart application?

I started the ASDM launcher via the provided MSI file that installed the console.
Both in the office and at the customer.

@soulja
The product manual of the ASDM 5.2(4) launcher speaks about the same fields as shown in the screenshot of the ASDM at our office, which is ASDM 5.2(3).
Hence i drew the conclusion that this is not caused by software versions.
0
Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

 
Ernie BeekCommented:
Connect to the ip address of the firewall (https) and log on. On the welcome page you will have the choice to download the application or use the webstart.
0
 
Mark2rAuthor Commented:
Well, the ASDM won't launch from the website, could this be caused by a bad JAVA install? or by the fact the it is being run from a Windows 2008 R2 server?

Still, the ASDM launches from the ASDM launcher where the add dialogue is still wrong.
0
 
Ernie BeekCommented:
There are issues with java, JRE 6u10 doesn't work that well. Try 6u7 instead: http://java.sun.com/products/archive/j2se/6u7/index.html
0
 
Mark2rAuthor Commented:
even with the older JAVA version i still do not have any more options in the add-rules dialogue.
0
 
Ernie BeekCommented:
But you are running the webstart? It doesn't change anything with the local version of course.
0
 
Mark2rAuthor Commented:
I tested this on 2 servers.
1 server with JAVA 6 update 24 and 1 server with JAVA 6 update 7.

On both of the servers i was unable to start the webstart, it just keeps loading after confirming the warnings. (The site is in local intranet with all security options disabled)
0
 
Ernie BeekCommented:
Ok, let me see if I can reproduce that.

In the meantime, are you able to try and run it on a workstation (no server) to see if that does work?
0
 
Mark2rAuthor Commented:
Well, i've tried to run the manager from a desktop pc.

Unfortunately, it is exactly the same as on the server.
 Workstation view when adding rule
Is there a hidden option on the ASA?
0
 
Mark2rAuthor Commented:
The problem still exists.

Can i use the commandline interface to add the needed rules?
Could you give me a pointer at what i need to type in the commandline?

I need to redirect several ports from 1 public IP to 10 different private IP's
example;
Public IP >> public port>> internal port >> internal IP
99.99.99.99 >> 81 >> 80 >> 192.168.135.100
99.99.99.99 >> 82 >> 80 >> 192.168.135.101
99.99.99.99 >> 83 >> 80 >> 192.168.135.102
etc.

If you could give me a pointer if this is even possible, thanks!
0
 
Ernie BeekCommented:
Haven't been able to reproduce it yet, but I can help you with this.

Static (inside,outside) tcp 99.99.99.99 81 192.168.135.100 80 netmask 255.255.255.255
Static (inside,outside) tcp 99.99.99.99 82 192.168.135.101 80 netmask 255.255.255.255
Static (inside,outside) tcp 99.99.99.99 83 192.168.135.102 80 netmask 255.255.255.255

access-list outside permit tcp any host 99.99.99.99 eq 81
access-list outside permit tcp any host 99.99.99.99 eq 82
access-list outside permit tcp any host 99.99.99.99 eq 83

access-group outside in interface outside

Assuming here that the intreface have the default names (inside and outside).
0
 
Mark2rAuthor Commented:
thanks for the reply ernie,

We upgraded our own ASA5510 to the latest firmware version

ASA version 8.4(1)
ASDM version 6.4(1)

and quess what, we now have the same as we have at our customer.
Any guess where the option could be to change the access rule dialogue?
0
 
Ernie BeekCommented:
Should be: configuration>firewall>access rules
0
 
Mark2rAuthor Commented:
i had a cisco support engineer take a look at it.

It turns out that it was a design change as of version 7.4

too bad :(

thanks for the help anyway!
0
 
Mark2rAuthor Commented:
Cisco support engineer had a look at the problem and told us it was a design feature
0
 
Ernie BeekCommented:
Well, that's good to know for future reference.

And Thx for the points :)
0

Featured Post

Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now