Hi guys,
I'm new to Cisco technology but am very accustomed to firewall setup/configuration/maintenance. I have a Cisco Pix 515e and I need to add a port forward. I've read on the following link that I can use a GUI type interface called Cisco Adaptive Security Device Manager (ASDM):
http://www.cisco.com/en/US/docs/secu.../instal_p.html
However a note there says "To use ASDM, you must have a DES license or a 3DES-AES license". What's the situation with this?
I also do not have the ASDM web configuration tool software. I'm also getting confused between the ASDM and the ASDM launcher. Any advice or pointers in the right direction greatly appreciated.
Right.
The license thing is really misleading; it's free, you just sign up for it on the Cisco site.
ASDM runs on the PIX itself but there are two ways to access it.
You can install the ASDM Launcher on a machine and use this so ASDM will be in its own separate window.
Or you can browse to the device in IE/Firefox and ASDM will run in Java in its own window.
It doesn't make any difference which you use, but if you were going to have a lot of devices running ASDM then the launcher would enable you to just select which you wanted from a drop down list.
Last edited by mrforgetful; 24th January 2008 at 03:23 PM.
Do you have an original 515 or a 515E?
Hi guys, first of all thank you for your quick responses!
@mrforgetful- I have tried browsing the device via http and https (even tried using /admin on the end of the url) but no joy. I assume this is because the firewall was never configured for access this way. I remember reading that an ASDM file or flash has to be uploaded to the pix for it to work.
With respect to the ASDM launcher, if the web interface isn't working because the firewall requires the ASDM flash then would the launcher fail to work as well? Also is the launcher freely available?
@Geoff- it is a 515E
Thanks guys
James
You're right in that it needs to be allowed to run on whichever interface (whether using the browser or the launcher), sorry I don't know the command line commands for that.
Two files are required, a boot file, i.e. asa802-k8.bin, and an ASDM file, i.e. asdm-602.bin
It will then need configuring to use these.
I believe you may have to pay for these (unless you can track them down..) and I'm not sure on compatibility between devices. I do know that up until version 7 the code for PIXs and ASAs is the same, after that it diverges. I have an ASA.
Hi mrforgetful, when you say version 7, do you mean version 7 of the IOS (or the equivalent for PIX if there is one)?
If so, how can I find out which version my Pix 515e is running? I'm going to make a wild assumption that I can telnet or ssh into the pix and issue a command for this? Obviously I want to get ASDM installed so if you can guide me I'd really appreciate it.
edit:/ btw I found this on enabling and installing ASDM:
http://www.netcraftsmen.net/welcher/papers/asdm01.html
You can find what version of software and other details by telnet, the command is 'show version'
Mine says (amongst other things):
Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)
Herein lies my next problem. No password.
Any idea of the default (just in case it's that)?
Default is just blank, so if that's not working and you don't know the correct one you're a bit stuck.
Other than trying 'cisco' which is a common one so I hear.
Other than that you'll have to reset it to the factory defaults and set it all up from scratch - not a very enticing prospect.
How long have you had the firewall? The reason I ask is we just updated our 506 to this ASA because our Internet was upgraded to 100Mb but the 506 only supported 10Mb.
Might be worth looking at then you can go shopping!
Here's the password recovery process for PIX
http://www.cisco.com/warp/public/110/34.shtml
Thanks guys, I still can't seem to log in. I think first port of call will be to contact the previous sysadmin. Then I will try Geoff's password recovery method if I have no joy.
I'm not sure how long they have had the firewall, I've just started and I'm sure they are not looking to purchase anything new.
I'd like to ask you guys to keep an eye on this thread if you don't mind. As soon as I get the password I'm going to try and get ASDM working, so I'll still need some help.
Thanks fellas,
James
Yeah, for ASDM to log in you need to set up a few things via the terminal using a rollover cable.
Firstly is ensuring that your inside interface is configured with an IP (obviously). Secondly you'll need to enable the http server if it's not already on (it should be set up as a https server by default iirc). Thirdly you'll need to add a user name so that you can log in to ASDM. Trying to log in using "enable" as the user name won't work.
There /is/ a version of ASDM that runs on your computer but for that to work I think you have to have SSH set up on your Pix else it whines at you about it. I've had this happen to me in the cisco labs at uni before now but I'm not entirely sure it wasn't just the version of finesse that was on the pix I was using or whether there was something else I'd done wrong.
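
The three console steps listed in the post above, plus the ASDM image setting mentioned earlier in the thread, as an added configuration sketch that is not from any poster. It assumes PIX OS 7.x or later syntax entered in configuration mode; the interface name, addresses, user name and image file name are placeholders.

```cisco
! Constructed example: every address, name and password here is a placeholder.

! 1. Give the inside interface an IP address
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! 2. Point the PIX at the ASDM image held in flash, then enable the HTTPS server
asdm image flash:/<asdm-image>.bin
http server enable
!
! Weak setting (management reachable from any address on the outside interface):
!   http 0.0.0.0 0.0.0.0 outside
! Restricted setting (only the admin subnet on the inside interface):
http 192.168.1.0 255.255.255.0 inside
!
! 3. Create a named local user for ASDM and authenticate HTTPS logins
!    against the local user database
username asdmadmin password <choose-a-strong-password> privilege 15
aaa authentication http console LOCAL
!
! Check the result
show running-config http
show asdm image
show version
```

The `http <network> <mask> <interface>` line is what decides which hosts can reach the management interface at all, so keep it as narrow as the admin workstations allow.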