Cisco ASDM GUI tips and tricks for managing your Cisco ASA

A look at some of the ASA ASDM features that will make your life a bit easier

Cisco's Adaptive Security Device Manager (ASDM) is the GUI tool used to manage the Cisco ASA security appliances. In this blog I'll reveal to you some of my favorite tips, tricks and secrets found inside ASDM. If you haven't dealt with it before, ASDM is a free configuration, monitoring and troubleshooting management tool that comes with the ASA. In a nutshell, ASDM will manage all the features of the ASA appliance including FW, IPS and VPN. Unlike its big brother Cisco Security Manager (CSM), ASDM is made to configure a standalone ASA one at a time. CSM is the tool you would use to manage and share policy across multiple ASAs, routers, and IPS appliances.

First, installing the tool. You can download ASDM from cisco.com or from your ASA itself. You can then run it inside a browser or download the ASDM launcher so it runs as its own application on your PC. I highly recommend the ASDM launcher as the way to go. The ASDM launcher works for both Windows and Mac OS X (requires ASDM version 6.4.5 or later). Once launched, it will look like the image below. You fill out the info and away you go.

A few secrets about the ASDM launcher. First, to get the Mac launcher working you must install it directly from your ASA using a web browser. Currently, there is not a downloadable .dmg file on cisco.com, only a .msi file for Windows.

Second, you see that cool "run in demo mode" checkbox? This can be a very handy feature and is available to everyone. To enable it, check the box and click on the link it provides. This will take you to cisco.com, where you will need to download the ASDM demo .msi package.

Once installed, ASDM can then be used in an offline demo mode on a Windows or Mac computer. Demo mode provides you with several configuration types to choose from, so you can make it pretend to be an ASA FW, an ASA FW with IPS, an ASA with SSLVPN, etc. The ASDM demo mode even models event logs. All in all, ASDM demo mode gives you the experience of configuring and monitoring a live ASA.

Which brings me to another ASDM secret: demo mode is designed for Windows but will also work on Macs. This is not something supported by Cisco or found in their docs. It is more of a hack, but a useful one for those (like me) that don't like to run Fusion on their Macs. Here is how you get it to work on a Mac running Lion:

-First, on your Mac, install the ASDM launcher by connecting to an ASA via a web browser and clicking install launcher.

-Second, download and install the ASDM demo .msi on a Windows PC.

-Next, copy the Demo folder contents from C:\Program Files\Cisco Systems\ASDM to your Mac.

-On your Mac, open the folder the launcher app is in (usually applications\Cisco) and right-click on the launcher app. Now click Show Package Contents.

-A new Finder window will open. Navigate to /Applications/ASDM/Cisco ASDM-IDM.app/Contents/Resources/Java/demo

-Finally, copy the contents of the Windows demo folder into this folder. Now the Mac launcher demo should work great!

Now that we have ASDM installed, here are some quick tips.

  • Need to see if there are upgrades for your specific ASA type and version? Use the check for updates tool in ASDM. This software update wizard is much quicker and more error-free than going to Cisco's website, downloading the images, then uploading them to the ASA and configuring it to use them. This can all now be done with about 4 clicks right from ASDM. Huge timesaver!
  • Need to quickly see in/out throughput on ASA interfaces? On the homepage, click on an interface and below it will show the input and output kbps.
  • Need to quickly see your VPN sessions and their details? On the homepage, view the VPN sessions and click on details to see all the info about your sessions.
  • Packet Tracer is a must-use tool for ASA admins. If you haven't heard about it yet, see my previous blog. Packet Tracer lets you model how the ASA will react to certain traffic types moving through it. The new feature you need to know about is that Packet Tracer can now model traffic based on usernames and FQDNs.
  • Need to send an alert message to your clientless SSL VPN users? Under Tools you'll find just such a feature. You can send any alert message you want to your users.
  • Need to get your ASA configured fast? Need to capture packets off the ASA quickly? Use the ASDM wizards! They save you time and eliminate common mistakes, especially for VPN setup. In this case wizards are not for dummies.

Can't find where in ASDM to configure something? Find it quickly using the search tool. You can find it on the ASDM toolbar. Simply type in a keyword or two of what you are looking for and the ASDM assistant will take you there.

  • To speed up firewall rule creation, use drag and drop. You can quickly drag and drop objects and service objects into your firewall rule table. If the object table is not open, go to View/Services to open it.
  • Need to find where an object is being used? Right-click on the object and select where used.
  • Need to put in a temporary rule that auto-expires after a certain time? Or perhaps a rule that expires and only allows traffic during business hours for contractors? Use the time-based option in your firewall rules under advanced options on a rule.
  • Need to quickly add NAT to a server or any host object? Use the new object-based NAT. This can be a huge timesaver.
  • Need to find botnet and other malware activity quickly? Turn on the botnet traffic filter license on your ASA and you'll see all sorts of useful info on malicious traffic.
  • Think you might have a slow or broken connection to your authentication server? You can quickly check the server-to-ASA performance from your ASDM Monitoring/Properties/AAA Server view. Great tool to help troubleshoot authentication slowness or other erratic behavior.

Need to see who is currently logged in to manage the ASA? Need to kick them off? You can do both from the Monitoring > Properties > Device Access > ASDM/HTTPS/Telnet/SSH Sessions screen.

Need to troubleshoot the ASA connections? Need to parse the ASA logs in real time? The ASDM Log viewer under Monitoring is a nice tool for just such activities. It is best suited to near or real-time log parsing. A few of the really cool tools are create rule, show rule, whois and DNS lookup. Any of these can be accessed by right-clicking on a log message. Again, this can be a big timesaver.
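The log viewer covers the live view; for offline review of logs exported from the ASA, here is an added example (not from the original post) that parses syslog message 106023 (packet denied by an ACL) and flags sources denied on several distinct destination ports. The sample lines, the ACL name and the threshold are constructed, and the optional identity-firewall user fields of the message are not handled.

```python
import re
from collections import Counter, defaultdict

# Message 106023: packet denied by an ACL. ICMP denies carry no ports.
DENY_RE = re.compile(
    r'%ASA-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?'
    r'(?: \(type \d+, code \d+\))? by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    'Oct 12 2012 10:01:02: %ASA-4-106023: Deny tcp src outside:203.0.113.7/40112 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'Oct 12 2012 10:01:02: %ASA-4-106023: Deny tcp src outside:203.0.113.7/40113 dst inside:10.0.0.5/23 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'Oct 12 2012 10:01:03: %ASA-4-106023: Deny tcp src outside:203.0.113.7/40114 dst inside:10.0.0.5/3389 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'Oct 12 2012 10:01:05: %ASA-6-302013: Built inbound TCP connection 101 for outside:198.51.100.9/51000 (198.51.100.9/51000) to inside:10.0.0.8/443 (10.0.0.8/443)',
    'Oct 12 2012 10:01:09: %ASA-4-106023: Deny icmp src outside:198.51.100.20 dst inside:10.0.0.5 (type 8, code 0) by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'Oct 12 2012 10:02:00: %ASA-4-106023: Deny udp src outside:198.51.100.20/5353 dst inside:10.0.0.9/161 by access-group "OUTSIDE_IN" [0x0, 0x0]',
]

def parse_denies(lines):
    """Return one dict per 106023 deny message; other messages are skipped."""
    return [m.groupdict() for m in map(DENY_RE.search, lines) if m]

def top_denied_sources(lines, n=5):
    """Source IPs ranked by number of denied packets."""
    return Counter(d["src_ip"] for d in parse_denies(lines)).most_common(n)

def scan_suspects(lines, min_ports=3):
    """Sources denied on at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for d in parse_denies(lines):
        if d["dst_port"]:  # skip ICMP denies, which have no port
            ports[d["src_ip"]].add(int(d["dst_port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print(top_denied_sources(SAMPLE))
    print(scan_suspects(SAMPLE))
```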

Well, there are some of my favorite ASDM tips. If you have some of your own to share, please post them. If you have any questions, let me know.

The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it; Google Nexus One vs. Top 10 Phone Security Requirements; Why you should always shred your boarding pass; Video rental records are afforded more privacy protections than your online information; The truth about new SSL attacks; 2009 Top Urban Legends in IT Security. Go to Jamey's Blog for more articles on security.


Copyright © 2012 IDG Communications, Inc.