Configure ASDM Access On Cisco ASA Firewall CLI


Scenario:
Make: Cisco ASA
Model: All ASA Models [ASA 5506-X, ASA 5506 W-X, ASA 5508-X etc]
Mode: CLI (Command Line Interface)
Description: This article walks through the steps to configure and enable ASDM (GUI) access on an ASA. The configuration is valid both for a standalone firewall and for firewalls in high availability mode.

Cisco ASA uses a tool called ASDM [Adaptive Security Device Manager] for GUI access to Cisco firewalls. It runs on Java and connects to the ASA over HTTPS (TCP/443). For a newly deployed Cisco ASA it is therefore good to have ASDM access as well, for management and maintenance of the firewall. The tool is especially useful for anyone who is not comfortable managing firewalls from the CLI. An example image of the ASDM tool is attached below.

Just as CLI access to an unconfigured ASA can be gained via the console, GUI access can be gained by browsing to the ASA's default IP address, https://192.168.1.1.

Configuration

Step1: SSH or Console
Access the ASA over SSH to make changes. If SSH access is not configured yet, access the ASA via the console and refer to the linked article to configure SSH access on Cisco ASA.

Step2: Username & Password
Create a username and password on the ASA for authentication.

edledge-asa#
edledge-asa# conf t
edledge-asa(config)# username admin password edledge

Step3: Enable Password
Set the enable password to enter into privilege mode.

edledge-asa(config)# enable password edledge

Step4: Local AAA
Enable LOCAL AAA authentication for the username to allow HTTP connections to the ASA.

edledge-asa(config)# aaa authentication http console LOCAL

Note: The word “LOCAL” should be used only in capital letters.

Step5: Management Interface
Set the management interface as per your firewall configuration. It could be either inside or any other interface, such as maintenance or management.

edledge-asa(config)# management-access inside

Step6: Enable http
Enable the http server by executing the command shown below.

edledge-asa(config)# http server enable

Step7: Configure http
Define the subnets or IP addresses that are allowed ASDM access to the ASA.

edledge-asa(config)# http 10.0.1.0 255.255.255.0 inside
edledge-asa(config)# http 10.0.2.0 255.255.255.0 inside

Step8: Confirmation
Now access the firewall in a browser using its IP address or hostname, https://ip.address.of.firewall, or install the ASDM tool to access the firewall.

Note: ASDM takes you directly into privilege mode, so use the enable password in the ASDM tool.
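
As a check on the result of steps 4, 6 and 7, the following added example (not part of the original article and not Cisco tooling) audits saved configuration text for the ASDM settings and flags allowed source ranges broader than a chosen prefix length. The sample configuration, the `outside` rule in it, the function name and the /16 threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the lines from steps 4, 6 and 7 of this article, plus
# one deliberately broad rule on a hypothetical "outside" interface.
SAMPLE_CONFIG = """\
aaa authentication http console LOCAL
http server enable
http 10.0.1.0 255.255.255.0 inside
http 10.0.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

# Matches "http <network> <mask> <interface>" (IPv4 form, as used above).
HTTP_RULE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_asdm_access(config, min_prefix=16):
    """Return (allowed, findings) for the ASDM/HTTPS settings in config text.

    min_prefix is an assumed policy threshold: any allowed source network
    with a shorter prefix (a larger range) is reported.
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    allowed, findings = [], []
    if not any(re.match(r"^http server enable( \d+)?$", ln) for ln in lines):
        findings.append("http server is not enabled")
    if "aaa authentication http console LOCAL" not in lines:
        findings.append("no 'aaa authentication http console LOCAL' line")
    for ln in lines:
        m = HTTP_RULE.match(ln)
        if not m:
            continue
        network, mask, interface = m.groups()
        try:
            net = ipaddress.ip_network(f"{network}/{mask}")
        except ValueError:  # bad mask, or host bits set in the network address
            findings.append(f"invalid network/mask: {ln}")
            continue
        allowed.append((str(net), interface))
        if net.prefixlen < min_prefix:
            findings.append(f"broad source range {net} on {interface}")
    if not allowed:
        findings.append("no valid http source rule; no client may connect")
    return allowed, findings

if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG)[1]:
        print("FINDING:", finding)
```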

Once ASDM access is configured, the firewall is ready to be managed remotely. Click the link for FirePower License activation steps via ASDM. Also, if you are looking to configure high availability or failover on Cisco ASA firewalls, do not forget to refer to the linked article.

Source: Cisco, Knowledge Base, Lab

EA00054
