Thursday 9 April 2015

Set up and configure ASDM on an ASA 5510

Firstly we will hook up the serial port on the management machine to the console port on the ASA. If you are using Linux, 'screen' will work; on Windows, PuTTY should do the trick.

Consult the ASA documentation for serial settings such as the baud rate - but as a general rule of thumb 9600 should usually work.

Once in, we might want to delete any existing configuration:

write erase
reload

or to delete everything in the flash memory:

erase flash

We should then set up and configure ASDM:

enable
configure terminal
hostname devasa
enable password mypassword

* Interestingly, "enable secret" / "service password-encryption" are already in place (meaning that your password has been hashed) and are not configurable. *

interface Management0/0
nameif management
security-level 0

* Note: Security levels define the trust associated with an interface on a scale of 0 to 100 - for example a security level of 0 specifies that no traffic should be trusted on this interface, meaning that there is an implicit 'deny ip any any'. On the other hand, a level of 100 implies that all traffic may pass through the interface - this might be applied to a green zone / inner network interface. *

ip address 192.168.0.1 255.255.255.0
no shutdown

We must now activate ASDM (the .bin file should be uploaded to the flash beforehand) and enable the HTTP server:

exit
asdm image flash:/asdm.bin
http server enable
copy run start

We create an access rule for the HTTP server so you can reach it:

http 192.168.0.2 255.255.255.255 management

We will also create a username and password for ourselves - assigning us the highest privilege level of 15:

username <my-username> password <my-password> privilege 15

On your computer (with your interface configured as 192.168.0.2) open up your web browser and visit:

https://192.168.0.1/admin

Select "Run Cisco ASDM as a local application" and enter the username and password we created before.
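
An added example, not part of the original post: a short Python check that reads a saved running-config and reports which source addresses the http rules admit to ASDM, whether each rule names a configured interface, and which accounts hold privilege 15. The sample config is constructed from the commands above; the `outside` rule and the `labadmin` username are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the commands from this page plus one deliberately
# broad rule ("outside" is a hypothetical interface name) for contrast.
SAMPLE_CONFIG = """\
hostname devasa
interface Management0/0
 nameif management
 security-level 0
 ip address 192.168.0.1 255.255.255.0
asdm image flash:/asdm.bin
http server enable
http 192.168.0.2 255.255.255.255 management
http 0.0.0.0 0.0.0.0 outside
username labadmin password PLACEHOLDER privilege 15
"""

HTTP_RULE = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
NAMEIF = re.compile(r"^nameif (\S+)$")
USER = re.compile(r"^username (\S+) .*\bprivilege (\d+)\b")


def audit_asdm_access(config, max_hosts=1):
    """Report which sources may reach the ASDM/HTTPS server and who holds privilege 15."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    nameifs = {m.group(1) for ln in lines if (m := NAMEIF.match(ln))}
    findings = []
    if "http server enable" not in lines:
        findings.append("http server not enabled")
    rules = [m.groups() for ln in lines if (m := HTTP_RULE.match(ln))]
    if not rules:
        findings.append("no http access rule: nobody can reach ASDM")
    for addr, mask, ifname in rules:
        # Convert the dotted mask to a prefix length, then size the allowed range.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if net.num_addresses > max_hosts:
            findings.append(f"{net} on {ifname}: {net.num_addresses} source addresses allowed")
        if ifname not in nameifs:
            findings.append(f"{ifname}: http rule names an interface with no nameif")
    admins = [m.group(1) for ln in lines if (m := USER.match(ln)) and m.group(2) == "15"]
    return {"findings": findings, "privilege_15_users": admins}


if __name__ == "__main__":
    print(audit_asdm_access(SAMPLE_CONFIG))
```

With only the rule from this page (a single host on the management interface) the findings list is empty; raise `max_hosts` if a whole management subnet is intended.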
