
Wednesday, October 16, 2013

Cisco ASA ASDM install and configure

ASDM access can be configured on either the inside or the management interface.

1.       Configure inside interface:

interface Vlan1
 nameif inside
 security-level 100
 ip address

2.       Generate the RSA key pair for the self-signed certificate:

crypto key generate rsa general-keys modulus 2048

3.       Set account (replace the example password with a strong one):

username cisco password cisco privilege 15

4.       Enable HTTPS and set access:

http server enable
http inside

5.       Set SSH access:

ssh inside

6.       Set ASDM image:

asdm image disk0:/asdm-714.bin

If no ASDM file is found download the file from and copy it to disk0 using TFTP/FTP.

7. Configure AAA services:

user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 

8.       Log in to the ASA using a web browser at the URL: https://<ASA_IP_ADDRESS>/admin
If the browser shows a page with the error (Error code: ssl_error_no_cypher_overlap), follow the instructions in the "How to obtain Cisco ASA 3DES license" section.
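The management-access commands from steps 3 to 7 can be checked before they are pasted into the ASA. The following is an added example, not part of the original post: a small Python audit of a plain-text command script. The function name `audit_mgmt_config`, the addresses in the sample, and the 12-character minimum password length are assumptions made for illustration.

```python
import re

# Constructed sample: the page's commands with made-up addresses filled in.
SAMPLE = """\
username cisco password cisco privilege 15
http server enable
http 0.0.0.0 0.0.0.0 inside
ssh 192.168.1.0 255.255.255.0 inside
aaa authentication ssh console LOCAL
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ACCESS_RE = re.compile(rf"^(http|ssh) ({IP}) ({IP}) (\S+)$")
USER_RE = re.compile(r"^username (\S+) password (\S+)(?: privilege \d+)?$")
AAA_RE = re.compile(r"^aaa authentication (\S+) console LOCAL$")


def audit_mgmt_config(text, min_len=12):
    """Return a sorted list of findings for ASA management-access commands."""
    findings = set()
    access = {"http": [], "ssh": []}   # interfaces with an access rule
    aaa = set()                        # services authenticated against LOCAL
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for ln in lines:
        if m := USER_RE.match(ln):
            user, pw = m.groups()
            # min_len is an assumed policy threshold, not an ASA default.
            if pw == user or len(pw) < min_len:
                findings.add(f"weak password for user {user}")
        elif m := ACCESS_RE.match(ln):
            proto, _ip, mask, ifname = m.groups()
            access[proto].append(ifname)
            if mask == "0.0.0.0":      # zero mask matches every source address
                findings.add(f"{proto} allowed from any address on {ifname}")
        elif m := AAA_RE.match(ln):
            aaa.add(m.group(1))
    if "http server enable" in lines and not access["http"]:
        findings.add("http server enabled but no http access rule")
    for proto in ("http", "ssh"):
        if access[proto] and proto not in aaa:
            findings.add(f"no 'aaa authentication {proto} console LOCAL'")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_mgmt_config(SAMPLE):
        print(finding)
```

The regular expressions match the plain-text form of the commands as typed in this post; a `show running-config` dump stores the password as a hash followed by `encrypted`, which this check does not parse.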

How to obtain Cisco ASA 3DES license

Click on Get New->IPS, Crypto, Other licenses:

Click Cisco ASA 3DES/AES License:

Enter the serial number of the ASA (can be taken from the CLI using the command show version) and click next:

Enter the relevant information and click Get License:

The license will be sent to the e-mail address you entered.

Now log in to the ASA using the console and enter the following command with the license you received:

ciscoasa# configure terminal
ciscoasa(config)# activation-key xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx

Then reload the appliance for changes to take effect.
