Mark2r

asked on

Cisco ASDM configuration

Hello Experts,

I have a small problem with the ASDM software at one of our customers.
When adding a new rule I get the screen as shown in the screen capture below.
User generated image
This, by itself, is no problem.
However, our company uses the same type of ASA as well.
When we add or modify a rule it looks like the screen capture below.
User generated image
How can I configure the ASDM at the customer to show the same dialogue as our own ASDM?

The stats:
At the customer
Cisco Device: ASA 5510
Firmware version: 7.2(4)
ASDM version: 5.2(4)

At the office
Cisco Device: ASA 5510
Firmware version: 7.2(3)
ASDM version: 5.2(3)  

Both the server and the workstation from which I launch the ASDM software use the latest Java version.
Ernie Beek

Looks like the customer is using ASDM as a local application and at the office it is run as a java web start application.
My first guess is the customer's versions would need to match yours.
Mark2r

ASKER

@erniebeek how would I run it as a webstart application?

I started the ASDM launcher via the provided MSI file that installed the console.
Both in the office and at the customer.

@soulja
The product manual of the ASDM 5.2(4) launcher speaks about the same fields as shown in the screenshot of the ASDM at our office, which is ASDM 5.2(3).
Hence I drew the conclusion that this is not caused by software versions.
Connect to the ip address of the firewall (https) and log on. On the welcome page you will have the choice to download the application or use the webstart.
Mark2r

ASKER

Well, the ASDM won't launch from the website. Could this be caused by a bad Java install? Or by the fact that it is being run from a Windows 2008 R2 server?

Still, the ASDM launches from the ASDM launcher where the add dialogue is still wrong.
SOLUTION
Ernie Beek

This solution is only available to members.
Mark2r

ASKER

Even with the older Java version I still do not have any more options in the add-rules dialogue.
But you are running the webstart? It doesn't change anything with the local version of course.
Mark2r

ASKER

I tested this on 2 servers.
1 server with Java 6 update 24 and 1 server with Java 6 update 7.

On both of the servers I was unable to start the webstart; it just keeps loading after confirming the warnings. (The site is in local intranet with all security options disabled.)
Ok, let me see if I can reproduce that.

In the meantime, are you able to try and run it on a workstation (no server) to see if that does work?
Mark2r

ASKER

Well, I've tried to run the manager from a desktop PC.

Unfortunately, it is exactly the same as on the server.
 User generated image
Is there a hidden option on the ASA?
Mark2r

ASKER

The problem still exists.

Can I use the command line interface to add the needed rules?
Could you give me a pointer at what I need to type in the command line?

I need to redirect several ports from 1 public IP to 10 different private IPs.
Example:
Public IP >> public port>> internal port >> internal IP
99.99.99.99 >> 81 >> 80 >> 192.168.135.100
99.99.99.99 >> 82 >> 80 >> 192.168.135.101
99.99.99.99 >> 83 >> 80 >> 192.168.135.102
etc.

If you could give me a pointer if this is even possible, thanks!
Haven't been able to reproduce it yet, but I can help you with this.

static (inside,outside) tcp 99.99.99.99 81 192.168.135.100 80 netmask 255.255.255.255
static (inside,outside) tcp 99.99.99.99 82 192.168.135.101 80 netmask 255.255.255.255
static (inside,outside) tcp 99.99.99.99 83 192.168.135.102 80 netmask 255.255.255.255

access-list outside permit tcp any host 99.99.99.99 eq 81
access-list outside permit tcp any host 99.99.99.99 eq 82
access-list outside permit tcp any host 99.99.99.99 eq 83

access-group outside in interface outside

Assuming here that the interfaces have the default names (inside and outside).
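
An added example, not part of the original answer: with ten such mappings it is easy to open a port in the ACL that nothing is forwarded on, or to forward a port the ACL never permits. This Python sketch cross-checks the two halves of a pasted configuration in the pre-8.3 `static` syntax shown above; the sample configuration, the function name `audit` and the finding texts are constructed for illustration.

```python
import re

# Constructed sample: the three mappings from the answer, plus one static
# without an ACL entry (84) and one ACL entry without a static (90).
SAMPLE_CONFIG = """\
static (inside,outside) tcp 99.99.99.99 81 192.168.135.100 80 netmask 255.255.255.255
static (inside,outside) tcp 99.99.99.99 82 192.168.135.101 80 netmask 255.255.255.255
static (inside,outside) tcp 99.99.99.99 83 192.168.135.102 80 netmask 255.255.255.255
static (inside,outside) tcp 99.99.99.99 84 192.168.135.103 80 netmask 255.255.255.255
access-list outside permit tcp any host 99.99.99.99 eq 81
access-list outside permit tcp any host 99.99.99.99 eq 82
access-list outside permit tcp any host 99.99.99.99 eq 83
access-list outside permit tcp any host 99.99.99.99 eq 90
access-group outside in interface outside
"""

# Ports are matched as tokens, since a running config may show names such as "www".
STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (tcp|udp) (\S+) (\S+) \S+ \S+ netmask \S+$",
    re.I)
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)$", re.I)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$", re.I)

def audit(config):
    """Cross-check static PAT entries against the inbound ACL permits."""
    statics, permits, bound = set(), set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, ip, port = m.groups()
            statics.add((mapped_if, proto.lower(), ip, port))
        elif m := ACL_RE.match(line):
            acl, proto, ip, port = m.groups()
            permits.add((acl, proto.lower(), ip, port))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL applied inbound
    findings = []
    for iface, proto, ip, port in sorted(statics):
        if (bound.get(iface), proto, ip, port) not in permits:
            findings.append(f"static {ip}:{port}/{proto} has no permit on {iface}")
    for acl, proto, ip, port in sorted(permits):
        ifaces = [i for i, a in bound.items() if a == acl]
        if not any((i, proto, ip, port) in statics for i in ifaces):
            findings.append(f"permit {ip}:{port}/{proto} in ACL {acl} has no static")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The check only understands the line shapes used in the answer (single-port `eq` permits from `any` to one host); other ACL forms are ignored rather than evaluated.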
Mark2r

ASKER

Thanks for the reply Ernie,

We upgraded our own ASA5510 to the latest firmware version

ASA version 8.4(1)
ASDM version 6.4(1)

and guess what, we now have the same as we have at our customer.
Any guess where the option could be to change the access rule dialogue?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Mark2r

ASKER

I had a Cisco support engineer take a look at it.

It turns out that it was a design change as of version 7.4.

Too bad :(

Thanks for the help anyway!
Mark2r

ASKER

Cisco support engineer had a look at the problem and told us it was a design feature.
Well, that's good to know for future reference.

And Thx for the points :)