Cisco Adaptive Security Device Manager (ASDM)

Cisco Adaptive Security Device Manager (ASDM) is another powerful web-based firewall management tool that is integrated into the Cisco-based firewall software.

Cisco ASDM provides support for integrated security and networking features offered by the market-leading suite of Cisco security appliances.

Cisco ASDM can be used to manage the following Cisco firewalls:

Cisco ASDM greatly improves productivity, simplifies security policy creation through step-by-step smart wizards, and offers proactive monitoring and debugging tools.

Cisco ASDM provides firewall management and provisioning of network and application security with greater flexibility.

Cisco ASDM—Features and Capabilities

Cisco ASDM offers a state-of-the-art security management and monitoring system through an intuitive, easy-to-use, secure web-based management interface.

The following list outlines some of the common Cisco ASDM capabilities for configuring and deploying Cisco firewalls using a web-based management interface:

Cisco ASDM—How It Works

Cisco ASDM is an integrated solution embedded within the Cisco firewall software release.

Cisco ASDM can be launched remotely using a web browser from any user desktop PC on the network with an enabled Java plug-in, thereby providing rapid secure access to the Cisco ASA 5500 Series Adaptive Security Appliances or Cisco PIX Security Appliances.

With the factory default configuration on the firewall, users can connect to Cisco ASDM by using the default management IP address of 192.168.1.1. By default, on the Cisco ASA 5500 series appliance, Cisco ASDM connects to the Management0/0 interface. For the PIX 500 series appliance, Cisco ASDM connects to the Ethernet1 interface. In this case, the local desktop PC must be on the same subnet as the management IP address subnet—that is, 192.168.1.0/24.

Note

To restore the default configuration, enter the configure factory-default command on the security appliance console CLI.


As with Cisco SDM, users can launch Cisco ASDM from a supported Internet browser using the firewall IP address as follows:

https://firewall_ip_address

When the Cisco ASDM application is launched, it provides a dynamic dashboard that gives a complete system overview and firewall health statistics.

Figure 24-15 shows the Cisco ASDM home page when the application is launched.

Figure 24-15. Cisco ASDM Home Page


The Cisco ASDM home page provides comprehensive information including the following:

Further tabs from the home page provide comprehensive information for device configuration, monitoring, and real-time status indicators.

Figure 24-16 shows a sample screen capture of the Cisco ASDM Firewall Dashboard page that displays connection statistics, packet rate, Top 10 rules, and possible scan and network attack information.

Figure 24-16. Cisco ASDM—Firewall Dashboard Page


Figure 24-17 shows a sample screen capture of the Cisco ASDM Configuration page that displays firewall access rules.

Figure 24-17. Cisco ASDM—Configuration Page Showing Access Rule Details


Cisco ASDM also includes a configuration search engine that helps users locate where specific features can be configured and provides convenient point-and-click access to the search results.

Cisco ASDM—Packet Tracer Utility

Cisco ASDM introduces a powerful and revolutionary Packet Tracer utility that enables rapid troubleshooting and simplifies fault finding of any nature, even in the most complex policy environments with numerous access rules or layered security services.

The Cisco ASDM Packet Tracer is the first proactive debugging tool that is capable of determining the packet flow and charting complete details of a day-in-the-life of a packet.

The Packet Tracer utility employs an animated packet flow model, emulating a complete TCP/IP flow sequence for any given protocol or port number. It virtually passes the packet through the entire device configuration, checking all access rules, NAT rules, filter rules, and service policies. As the packet flows through each stage, the utility provides visual aids that indicate the status of each transaction and the action performed at that stage of the packet's lifetime. These visual indicators give users insight into the packet flow and help them identify the fault and determine incorrect policies, which can be in the form of erroneous network translation policies, access rules, or inspection engines.

Figure 24-18 shows a sample screen capture of the Cisco ASDM Packet Tracer utility.

Figure 24-18. Cisco ASDM—Packet Tracer Utility


Cisco ASDM—Syslog to Access Rule Correlation

Cisco ASDM introduces yet another dynamic tool that enables Syslog to Access Rule Correlation. This dynamic feature greatly enhances day-to-day security management and troubleshooting activities to resolve common configuration issues and network connectivity problems.

The Syslog to Access Rule Correlation feature offers an intuitive view into syslog messages invoked by user-configured access rules. Users can closely inspect traffic patterns and monitor resource access behavior.
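The correlation described above can be reproduced offline from exported data. The following Python code is an added example, not part of the original text and not ASDM's own logic: it joins access-rule log messages to `show access-list` entries by ACL name and rule hash. The message layout (ASA message 106100 with a trailing pair of hash codes), the ACL names, addresses, and hash values are constructed assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample of `show access-list` output: each rule line ends with its hash.
SHOW_ACCESS_LIST = """\
access-list outside_in line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=12) 0x1a2b3c4d
access-list outside_in line 2 extended deny ip any any log (hitcnt=3) 0x5e6f7a8b
"""

# Constructed syslog lines in the assumed 106100 layout.
SYSLOG = """\
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(40112) -> inside/192.0.2.10(80) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list outside_in denied tcp outside/198.51.100.9(51515) -> inside/192.0.2.10(23) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]
%ASA-6-106100: access-list outside_in denied udp outside/198.51.100.9(5353) -> inside/192.0.2.11(161) hit-cnt 2 300-second interval [0x5e6f7a8b, 0x0]
%ASA-6-106100: access-list dmz_in denied tcp dmz/203.0.113.5(1025) -> inside/192.0.2.10(22) hit-cnt 1 first hit [0xdeadbeef, 0x0]
"""

ACE_RE = re.compile(r"^access-list (\S+) line (\d+) (.+?) \(hitcnt=\d+\) (0x[0-9a-f]+)$")
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (\S+) (permitted|denied) (\S+) "
    r"(\S+) -> (\S+) hit-cnt (\d+) .*\[(0x[0-9a-f]+), (0x[0-9a-f]+)\]$")

def load_rules(text):
    """Map (acl_name, rule_hash) -> (line_number, rule_text)."""
    rules = {}
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            rules[(m.group(1), m.group(4))] = (int(m.group(2)), m.group(3))
    return rules

def correlate(syslog_text, rules):
    """Return (logged hits per rule key, log lines that match no loaded rule)."""
    hits, unmatched = Counter(), []
    for line in syslog_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an access-rule log message
        acl, count, h1, h2 = m.group(1), int(m.group(6)), m.group(7), m.group(8)
        key = next((k for k in ((acl, h1), (acl, h2)) if k in rules), None)
        if key:
            hits[key] += count
        else:
            unmatched.append(line)  # rule removed, renamed, or config is stale
    return hits, unmatched

if __name__ == "__main__":
    rules = load_rules(SHOW_ACCESS_LIST)
    hits, unmatched = correlate(SYSLOG, rules)
    for (acl, h), n in hits.most_common():
        print(f"{acl} line {rules[(acl, h)][0]}: {rules[(acl, h)][1]} -> {n} logged hits")
    print(f"{len(unmatched)} message(s) reference a rule not in the loaded config")
```

Messages left in the unmatched list are worth reviewing: they point to an access rule that is not in the configuration snapshot being compared.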

Cisco ASDM—Supported Firewalls and Software Versions

Table 24-9 lists the supported hardware and software for the Cisco ASA 5500 series security appliances.

Table 24-9. Cisco ASDM—Cisco ASA 5500 Series System Requirements

Hardware:
  Platform: Cisco ASA 5505, 5510, 5520, 5540, or 5550 Adaptive Security Appliance
  RAM: 256 MB
  Flash memory: 64 MB

Software:
  Cisco ASA Software: Version 7.2
  Encryption: DES or 3DES enabled


Table 24-10 lists the supported hardware and software for the Cisco PIX 500 series security appliances.

Table 24-10. Cisco ASDM—Cisco PIX 500 Series System Requirements

Hardware:
  Platform: Cisco PIX 515/515E, 525, or 535 Security Appliances (Cisco PIX 501 and 506/506E Security Appliances are not supported)
  RAM: 64 MB
  Flash memory: 16 MB

Software:
  Cisco PIX Security Appliance Software Version 7.2
  Encryption: DES or 3DES enabled


Cisco ASDM—User Requirements

Table 24-11 lists the supported operating system and web browser on the end-user PC to launch the Cisco ASDM application.

Table 24-11. Cisco ASDM—Operating Systems and Web Browsers Supported by Cisco ASDM

Operating systems: Windows 2000 with Service Pack 4 (English/Japanese); Windows XP (English/Japanese)
Browsers (JavaScript and Java-enabled):
  Microsoft Internet Explorer 6.0 with Java Plug-In v1.4.2 or 1.5.0
  Firefox 1.5 with Java Plug-In v1.4.2 or 1.5.0
  Netscape Communicator 7.2 with Java Plug-In v1.4.2 or 1.5.0

Operating systems: Sun Solaris 2.8 or higher running CDE
Browsers (JavaScript and Java-enabled):
  Mozilla 1.7.3 with Java Plug-In v1.4.2 or 1.5.0

Operating systems: Red Hat Linux 9.0 running GNOME or KDE; Red Hat Enterprise Linux WS Version 3
Browsers (JavaScript and Java-enabled):
  Firefox 1.5 with Java Plug-In v1.4.2 or 1.5.0


For more details about installing and configuring Cisco ASDM, refer to the following Cisco documentation:

http://www.cisco.com/en/US/products/ps6120/prod_installation_guides_list.html

http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.html

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

http://www.cisco.com/en/US/products/ps6121/products_data_sheets_list.html