Cisco Adaptive Security Device Manager (ASDM) is another powerful web-based firewall management tool, integrated directly into Cisco firewall software.
Cisco ASDM provides support for integrated security and networking features offered by the market-leading suite of Cisco security appliances.
Cisco ASDM can be used to manage the following Cisco firewalls:
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco PIX 500 Series Security Appliances
Cisco Catalyst 6500 Series Firewall Services Module (FWSM)
Cisco ASDM greatly improves productivity, simplifies security policy creation through step-by-step smart wizards, and offers proactive monitoring and debugging tools.
Cisco ASDM provides firewall management and provisioning of network and application security with greater flexibility.
Cisco ASDM offers a state-of-the-art security management and monitoring system through an intuitive, easy-to-use, secure web-based management interface.
The following list outlines some of the common Cisco ASDM capabilities for configuring and deploying Cisco firewalls using a web-based management interface:
Complete support for Cisco ASA 5500 series appliance software and Cisco PIX 500 series appliance software features
Web-based management application integrated into Cisco firewall software
Secure remote management of Cisco's market-leading firewalls
Security and policy deployments using smart wizards
Robust administration and management tools
Capability to configure optional features such as DHCP, NAT, administrative access
Support of auto-update, a revolutionary secure remote-management capability that helps keep appliance configurations and software images up-to-date
Rapid configuration support features, such as inline and drag-and-drop policy editing, autocomplete, configuration wizards, appliance software upgrades, and online help
Profile-based management for all application inspection and control capabilities
Powerful troubleshooting and diagnostics tools, such as Packet Tracer, log-policy correlation, packet capture, regular expression tester, and embedded log reference
Real-time status and monitoring information features, such as device, firewall, content security, and IPS dashboards; real-time graphing; and tabulated metrics enabling rapid response to security incidents
Cisco ASDM is an integrated solution embedded within the Cisco firewall software release.
Cisco ASDM can be launched remotely using a web browser from any user desktop PC on the network with an enabled Java plug-in, thereby providing rapid secure access to the Cisco ASA 5500 Series Adaptive Security Appliances or Cisco PIX Security Appliances.
With the factory default configuration on the firewall, users can connect to Cisco ASDM by using the default management IP address of 192.168.1.1. By default, on the Cisco ASA 5500 series appliance, Cisco ASDM connects to the Management0/0 interface. For the PIX 500 series appliance, Cisco ASDM connects to the Ethernet1 interface. In this case, the local desktop PC must be on the same subnet as the management IP address subnet—that is, 192.168.1.0/24.
Note
To restore the default configuration, enter the configure factory-default command on the security appliance console CLI.
As with Cisco SDM, users can launch Cisco ASDM from a supported Internet browser using the firewall IP address as follows:
https://firewall_ip_address
When the Cisco ASDM application is launched, it provides a dynamic dashboard that gives a complete system overview and firewall health statistics.
Figure 24-15 shows the Cisco ASDM home page when the application is launched.
The Cisco ASDM home page provides comprehensive information including the following:
Hardware model of the firewall
Firewall software version
Memory usage
License information
Interface status
Traffic status
Further tabs from the home page provide comprehensive information for device configuration, monitoring, and real-time status indicators.
Figure 24-16 shows a sample screen capture of the Cisco ASDM Firewall Dashboard page that displays connection statistics, packet rate, Top 10 rules, and possible scan and network attack information.
Figure 24-17 shows a sample screen capture of the Cisco ASDM Configuration page that displays firewall access rules.
Cisco ASDM also includes a configuration search engine that helps users locate where specific features can be configured and provides convenient point-and-click access to the search results.
Cisco ASDM introduces a powerful and revolutionary Packet Tracer utility that enables rapid troubleshooting and simplifies fault finding of any nature, even in the most complex policy environments with numerous access rules or layered security services.
The Cisco ASDM Packet Tracer is the first proactive debugging tool that is capable of determining the packet flow and charting complete details of a day-in-the-life of a packet.
The Packet Tracer utility employs an animated packet flow model, emulating a complete TCP/IP flow sequence for any given protocol or port number. It virtually passes the packet through the entire device configuration, checking all access rules, NAT rules, filter rules, and service policies. As the flow passes through each stage, it provides visual aids indicating the status of each transaction and the action performed at that stage of the packet's lifetime. These visual indicators give users insight into the packet flow and help identify the fault and pinpoint incorrect policies, whether erroneous network translation policies, access rules, or inspection engines.
Figure 24-18 shows a sample screen capture of the Cisco ASDM Packet Tracer utility.
Cisco ASDM introduces yet another dynamic tool that enables Syslog to Access Rule Correlation. This dynamic feature greatly enhances day-to-day security management and troubleshooting activities to resolve common configuration issues and network connectivity problems.
The Syslog to Access Rule Correlation feature offers an intuitive view into syslog messages invoked by user-configured access rules. Users can closely inspect traffic patterns and monitor resource access behavior.
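The following Python script is an added illustration of the two troubleshooting aids just described, and is not Cisco's code or anything ASDM itself exposes. It models a Packet Tracer style walk of one packet through an access list, a static NAT entry, and a service-policy inspection stage, reporting the result of each stage and stopping at the first drop, and it then correlates a deny syslog message back to the access-rule line that produced it. The access-group name OUTSIDE_IN, the rule set, the NAT mapping, the inspection table, and the sample syslog line are all constructed for the example; the syslog parser assumes a message laid out like the ASA 106023 access-group deny message, and the stage order is a simplified fixed order rather than a claim about the appliance's real processing order.

```python
"""Simplified model of two Cisco ASDM troubleshooting aids: tracing a packet
through ordered policy stages (Packet Tracer) and mapping a deny syslog
message back to the access rule that produced it (Syslog to Access Rule
Correlation). Added illustration with constructed data, not Cisco's code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network
IPv4Addr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (ip = any protocol)
    src: IPv4Net
    dst: IPv4Net
    dport: Optional[int] = None  # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: IPv4Addr
    dst: IPv4Addr
    dport: int


# Constructed access-group OUTSIDE_IN (hypothetical name). Order matters: the
# first matching line decides, as it does in a real ACL. The implicit deny at
# the end of every ACL is written out as line 2 so a trace can point at it.
ACCESS_GROUPS: Dict[str, List[Rule]] = {
    "OUTSIDE_IN": [
        Rule("permit", "tcp", IPv4Net("0.0.0.0/0"), IPv4Net("198.51.100.10/32"), 80),
        Rule("deny", "ip", IPv4Net("0.0.0.0/0"), IPv4Net("0.0.0.0/0")),
    ],
}

# Constructed static NAT: public 198.51.100.10 is the inside web server 10.1.1.10.
STATIC_NAT: Dict[IPv4Addr, IPv4Addr] = {IPv4Addr("198.51.100.10"): IPv4Addr("10.1.1.10")}

# Constructed service policy: application inspection engines keyed by port.
INSPECT: Dict[int, str] = {80: "http", 53: "dns"}


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if pkt.src not in rule.src or pkt.dst not in rule.dst:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def first_match(group: str, pkt: Packet) -> Optional[Tuple[int, Rule]]:
    """Return (line number, rule) of the first matching ACL line, or None."""
    for line, rule in enumerate(ACCESS_GROUPS.get(group, []), start=1):
        if rule_matches(rule, pkt):
            return line, rule
    return None


def trace(group: str, pkt: Packet) -> List[Tuple[str, str, str]]:
    """Walk one packet through the ACL, NAT and inspection stages in a fixed
    (simplified) order, recording (stage, result, detail) per stage and
    stopping at the first stage that drops it."""
    steps: List[Tuple[str, str, str]] = []
    hit = first_match(group, pkt)
    if hit is None or hit[1].action == "deny":
        where = f"line {hit[0]}" if hit else "implicit deny"
        steps.append(("ACCESS-LIST", "DROP", f"{group} {where}"))
        return steps
    steps.append(("ACCESS-LIST", "ALLOW", f"{group} line {hit[0]}"))
    real_dst = STATIC_NAT.get(pkt.dst)
    if real_dst is None:
        steps.append(("NAT", "DROP", f"no translation for {pkt.dst}"))
        return steps
    steps.append(("NAT", "ALLOW", f"{pkt.dst} -> {real_dst}"))
    steps.append(("INSPECT", "ALLOW", INSPECT.get(pkt.dport, "none")))
    return steps


# Parser for a deny message laid out like the ASA 106023 syslog (assumed
# format); the sample line below is constructed, not captured from a device.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ '
    r'dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<group>[^"]+)"'
)
SAMPLE_LOG = ('%ASA-4-106023: Deny tcp src outside:203.0.113.5/40000 '
              'dst inside:198.51.100.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]')


def correlate(syslog_line: str) -> Optional[Tuple[int, Rule]]:
    """Rebuild the denied flow from a syslog line and find the ACL line that
    produced the deny. Returns None for lines that are not deny messages."""
    m = DENY_RE.search(syslog_line)
    if m is None:
        return None
    pkt = Packet(m["proto"], IPv4Addr(m["src"]), IPv4Addr(m["dst"]), int(m["dport"]))
    return first_match(m["group"], pkt)


if __name__ == "__main__":
    web = Packet("tcp", IPv4Addr("203.0.113.5"), IPv4Addr("198.51.100.10"), 80)
    for stage, result, detail in trace("OUTSIDE_IN", web):
        print(f"{stage:12} {result:6} {detail}")
    print("syslog deny came from rule:", correlate(SAMPLE_LOG))
```

Running the script traces an inbound HTTP packet as allowed by line 1, translated by the static NAT entry, and handed to the http inspection engine, while the constructed SSH deny message is traced back to line 2, the explicit catch-all deny. The value of the correlation step is the same one ASDM offers: a deny in the log is tied to a specific rule line, so the administrator can tell an intended block from a misordered or over-broad rule without re-reading the whole policy.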
Table 24-9 lists the supported hardware and software for the Cisco ASA 5500 series security appliances.
Hardware | Software
---|---
Platform: Cisco ASA 5505, 5510, 5520, 5540, or 5550 Adaptive Security Appliance; RAM: 256 MB; Flash memory: 64 MB | Cisco ASA Software: Version 7.2; Encryption: DES or 3DES enabled
Table 24-10 lists the supported hardware and software for the Cisco PIX 500 series security appliances.
Table 24-11 lists the supported operating system and web browser on the end-user PC to launch the Cisco ASDM application.
For more details about installing and configuring Cisco ASDM, refer to the following Cisco documentation:
http://www.cisco.com/en/US/products/ps6120/prod_installation_guides_list.html
http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
http://www.cisco.com/en/US/products/ps6121/products_data_sheets_list.html