Cisco ASDM GUI tips and tricks for managing your Cisco ASA

A await at some of the ASA ASDM features that will make your life a bit easier

Cisco's Adaptive Security Device Managing director (ASDM) is the GUI tool used to manage the Cisco ASA security appliances.  In this weblog I'll reveal to you some of my favorite tips, tricks and secrets establish inside ASDM.  If you haven't dealt with it before, ASDM is a gratis configuration, monitoring and troubleshooting management tool that comes with the ASA.  In a nutshell, ASDM will manage all the features of the ASA appliance including FW, IPS and VPN.  Unlike its big brother Cisco Security Manager (CSM), ASDM is made to configure a standalone ASA one at a fourth dimension.  CSM is the tool you would apply to manage and share policy across multiple ASA's, routers, and IPS appliances.

First, installing the tool.  Y'all can download ASDM from cisco.com or from your ASA itself.  You lot tin can then run it inside a browser or download the ASDM launcher then information technology runs as its own application on your PC.  I highly recommend ASDM launcher every bit the way to go.  The ASDM launcher works for both Windows and MAC OSX (requires ASDM version 6.iv.5 or later).  Once launched it will look similar the below image.  You fill out the info and away yous become.

A few secrets about ASDM launcher.  First, to get the MAC launcher working you must install it directly from your ASA using a web browser.  Currently, there is not a downloadable .dmg file on cisco.com, only a .msi file for windows.

Second, yous encounter that absurd "run in demo mode" checkbox?  This can exist a very handy feature and is available to everyone.  To enable it, check the box and click on the link it provides.  This will take you to cisco.com where you lot will need to download the ASDM demo .msi parcel.

One time installed, ASDM can then exist used in a offline demo manner on a windows or mac calculator. Demo mode provides you with several configuration types to choose from so you tin can make information technology pretend to be an ASA FW or a ASA FW with IPS or a ASA with SSLVPN, etc. The ASDM demo mode even models event logs.  All in all ASDM demo mode gives you the feel of configuring and monitoring a live ASA.

Which brings me to another ASDM surreptitious, demo mode is designed for windows but will also piece of work on MACs.  This is non something supported by Cisco or constitute in there docs.  It is more of a hack, but a useful one for those (like me) that don't like to run fusion on their MACs.  Here is how yous get it to piece of work on a MAC running Panthera leo:

-First, On your MAC install the ASDM launcher past connecting to an ASA via a web browser and clicking install launcher.

-2d, download and install ASDM demo .msi on a Windows PC.

-Adjacent, Copy the Demo folder contents from C:\Program Files\Cisco Systems\ASDM to your MAC.

-On your MAC,  open the folder the launcher app is in (usually applications\Cisco) and right click on the launcher app. At present click evidence parcel contents

-A new finder window volition open up.  Navigate to /Applications/ASDM/Cisco ASDM-IDM.app/Contents/Resource/Java/demo

-Finally, re-create the contents of the windows demo folder into this binder.  Now Mac launcher demo should piece of work not bad!

Now that we have ASDM installed hither are some quick tips.

  • Need to see if in that location are upgrades for your specific ASA type and version? Use the check for updates tool in ASDM. This software update wizard is much quicker and mistake free than going to cisco's website downloading the images then uploading them to the ASA and configuring it to employ them. This can all at present exist done with nigh 4 clicks correct from ASDM. Huge timesaver!
  •  Need to apace run across in/out throughput on ASA interfaces? On homepage click on an interface and below it will prove the input and output kbps.
  • Need to chop-chop see your VPN sessions and their details? On homepage view the VPN sessions and click on details to see all the info nearly your sessions.
  • Parcel Tracer is a must use tool for ASA admins. If you haven't heard about information technology nonetheless see my previous blog. Packet tracer lets you model how the ASA will react to certain traffic types moving through it. The new feature yous need to know about is now tracer can model traffic based on usernames and FQDNs.
  • Need to ship an alert bulletin to your clientless sslvpn users? Under tools you lot'll find but such a feature. Y'all can send any warning message y'all desire to your users.
  • Need to get your ASA configured fast? Need to capture packets off the ASA quickly? Use the ASDM wizards! They save you time and eliminate common mistakes, especially for VPN setup. In this case wizards are not for dummies.

Can't find where in ASDM to configure something?  Find it rapidly using the look for tool.  You can find it on the ASDM toolbar.  Simply type in a keyword or two of what you are looking for and the ASDM assistant will take you at that place.

  • To speed up firewall dominion cosmos utilise the elevate and drib of objects. You tin speedily elevate and driblet objects and service objects into your firewall rule tabular array. If the object table is not open goto view/services to open it.
  • Demand to find where an object is beingness used? Right click on the object and select where used.
  • Demand to put in a temporary rule that auto-expires subsequently a sure time? Or maybe a rule that expires and merely allows traffic during business hours for contractors? Employ the fourth dimension-based option in your firewall rules nether advanced options on a dominion.
  • Need to rapidly add together NAT to a server or any host object? Use the new object based NAT. This tin be a huge timesaver.
  • Need to observe botnet and other malware action quickly? Turn on the botnet traffic filter license on your ASA and you'll meet all sorts of useful info on malicious traffic.
  • Retrieve you might have a slow or cleaved connectedness to your authentication server? Yous can quickly check the server to ASA performance from your ASDM monitoring/properties/aaa server view. Great tool to help troubleshoot authentication slowness or other erradic behavior.

Need to see who is currently logged in to manage the ASA?  Need to kick them off?  Y'all can do both from the Monitoring > Properties > Device Access > ASDM/HTTPS/Telnet/SSH Sessions screen.

Demand to troubleshoot the ASA connections? Need to parse the ASA logs existent-time? The ASDM Log viewer under monitoring is a squeamish tool for just such activities. It is best suited to most or real-time log parsing. A few of the really cool tools are create rule, show rule, whois and dns lookup. Any of these can be accessed past correct clicking on a log message. Again tin exist a big timesaver.

Well, there are some of my favorite ASDM tips.  If you have some of your own to share please post them.  If you lot take any questions permit me know.

The opinions and data presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Google Nexus Ane vs. Top x Phone Security RequirementsWhy you should always shred your boarding laissez passer Video rental records are afforded more privacy protections than your online dataThe truth about new SSL attacks2009 Top Urban Legends in Information technology Security/a>Become to Jamey's Blog for more articles on security.

*

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2022 IDG Communications, Inc.