Saturday, May 21, 2016

How to Enable ASDM Access to ASA

Every ASA nowadays comes with the ASDM. When your ASA is booted you can see whether it is there or not by entering the following command to view the contents of the flash:












Steps:-

1. Enable HTTP server
This will allow you to access ASA from a web browser even to download ASDM too.

ciscoasa(config)#http server enable

2. Define the range of source IPs & the interface
If http 0 0 MGT is used, any IP comming from MGT interface will be permitted.

ciscoasa(config)#http 192.168.47.0 255.255.255.0 MGT

3. Create local usernames
You can use a AAA server for authentication instead. But local usernames are mandatory best practice too.

ciscoasa(config)#username TEST password TEST123

4. Define the authentication methods
If AAA server group is used, it is used before LOCAL key word here. This LOCAL is a case sensitive key word. If used in lower case letter, ASA will think it is a AAA server group named "local"

ciscoasa(config)#aaa authentication http console LOCAL

Now it is done. If you want to configure a local username and password for ASDM login, you can do it as following.

Now go to the web browser and enter https://<MGT-interface IP address> , it will prompt warning for https. Ignore the warning by clicking advanced and clicking proceed. (click on the images to see in full size)




















You will now have the following page. Install ASDM Launcher, install Java if required.