ASA Management Setup

There are two ways to manage the ASA. Out-of-band management uses the dedicated mgmt interface, M0/0. In-band management connects to the ASA over one of the other interfaces. Either way is acceptable, but there may be occasions where a large upload to or from the ASA needs to use the mgmt interface.

Out of band Access:
interface Management0/0
 nameif mgmt
 security-level 0
 ip address 10.255.1.155 255.255.255.0 
!
http server enable
!
http 10.255.10.0 255.255.255.0 mgmt
!
route mgmt 10.255.10.0 255.255.255.0 10.255.1.1 1
!
username admin password cisco123 privilege 15
!
aaa authentication http console LOCAL

This method lets us connect to the ASA with ASDM (Adaptive Security Device Manager), a Java-based management tool that provides a GUI for interacting with the ASA.

The HTTP server on the ASA must be turned on so that a web page can be presented to a user attempting to use ASDM. If the user is not on the same subnet as the mgmt interface, which is common in networks today, you'll need a route that reaches the user out the mgmt interface. A username/password combination is needed, and the user's network must be granted access to the HTTP server.
Open a web browser and enter the IP address of the mgmt interface.
The HTTP server uses a self-signed certificate, so the browser shows a warning. In Firefox, click Advanced and accept the risk.
Click "Install ASDM Launcher", which downloads an .msi installer for the ASDM. Remember to download and install Adobe Flash Player or the ASDM won't work.
Enter the IP address of the mgmt interface, the username and the password, then click OK.
Because a self-signed certificate is used, you'll need to accept it; click Continue.
You are now connected to the ASDM!

The other method is to connect to the ASA via SSH. You can enable SSH access the same way you did for HTTP access for out-of-band access. We're going to allow IOS3 to SSH into the ASA.

ssh 10.1.0.0 255.255.255.0 inside
!
aaa authentication ssh console LOCAL
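
An added example, not from the original page: a Python check that every http/ssh/telnet permit line in a running-config has a connected subnet or static route on the named interface and a matching aaa authentication line, which are the pieces the setup above depends on. The function names and sample config are constructed, the inside interface block is an assumption, and the input is assumed to be `show running-config` output with numeric addresses.

```python
import ipaddress

# Constructed sample: this page's http and ssh rules. The inside interface
# block is an assumption (the page only shows the address 10.1.0.1).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif mgmt
 ip address 10.255.1.155 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.0.1 255.255.255.0
http server enable
http 10.255.10.0 255.255.255.0 mgmt
route mgmt 10.255.10.0 255.255.255.0 10.255.1.1 1
aaa authentication http console LOCAL
ssh 10.1.0.0 255.255.255.0 inside
aaa authentication ssh console LOCAL
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_mgmt_access(config):
    """Check each http/ssh/telnet permit line for reachability and AAA."""
    reach, rules, aaa, nameif = {}, [], set(), None
    for tok in (line.split() for line in config.splitlines()):
        if len(tok) < 2:
            continue
        if tok[0] == "interface":
            nameif = None                       # a new interface block starts
        elif tok[0] == "nameif":
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and nameif and len(tok) >= 4 and tok[2][0].isdigit():
            reach.setdefault(nameif, []).append(_net(tok[2], tok[3]))  # connected subnet
        elif tok[0] == "route" and len(tok) >= 5:
            reach.setdefault(tok[1], []).append(_net(tok[2], tok[3]))  # static route
        elif tok[0] in ("http", "ssh", "telnet") and len(tok) == 4 and tok[1][0].isdigit():
            rules.append((tok[0], _net(tok[1], tok[2]), tok[3]))       # permit line
        elif tok[:2] == ["aaa", "authentication"] and "console" in tok:
            aaa.add(tok[2])
    findings = []
    for proto, net, ifc in rules:
        if not any(net.subnet_of(n) for n in reach.get(ifc, [])):
            findings.append(f"{proto} {net} via {ifc}: no connected subnet or route")
        if proto not in aaa:
            findings.append(f"{proto} {net} via {ifc}: no aaa authentication {proto} console")
        if proto == "telnet" or net.prefixlen == 0:
            findings.append(f"{proto} {net} via {ifc}: cleartext or any-source access")
    return findings
```
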

IOS3#ssh -l admin 10.1.0.1
Password: 
User admin logged in to ASA
Logins over the last 1 days: 2.  Last login: 17:56:51 UTC Nov 24 2020 from 10.255.10.40
Failed logins since the last login: 0.  
Type help or '?' for a list of available commands.
ASA> en
Password: 
ASA# 

ASA# show ssh sessions 

SID Client IP       Version Mode Encryption Hmac     State            Username
0   10.1.0.3        1.99    IN   aes128-ctr sha1     SessionStarted   admin
                            OUT  aes128-ctr sha1     SessionStarted   admin
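
An added example, not from the original page: a Python parser for the `show ssh sessions` table above that merges each session's IN and OUT rows and flags sessions against a simple policy. Cisco documents Version 1.99 in this table as a client that supports both SSH version 1 and version 2. The second session in the sample, the `sha256` token spelling and the policy set are constructed assumptions.

```python
# Constructed input: the session from this page plus one made-up session
# (SID 1); the "sha256" token spelling in that row is an assumption.
SAMPLE_OUTPUT = """\
SID Client IP       Version Mode Encryption Hmac     State            Username
0   10.1.0.3        1.99    IN   aes128-ctr sha1     SessionStarted   admin
                            OUT  aes128-ctr sha1     SessionStarted   admin
1   10.255.10.40    2.0     IN   aes256-ctr sha256   SessionStarted   admin
                            OUT  aes256-ctr sha256   SessionStarted   admin
"""

WEAK_HMACS = {"sha1", "md5"}   # assumed local policy, not an ASA default

def parse_ssh_sessions(text):
    """Return one dict per session, with IN/OUT rows merged under 'dirs'."""
    sessions = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] == "SID":
            continue                              # blank line or header
        if f[0].isdigit() and len(f) == 8:        # first row of a session
            sessions.append({"sid": int(f[0]), "client": f[1],
                             "version": f[2], "user": f[7], "dirs": {}})
            f = f[3:]                             # keep Mode..Username
        if len(f) == 5 and sessions:              # Mode, cipher, hmac, state, user
            sessions[-1]["dirs"][f[0]] = {"cipher": f[1], "hmac": f[2], "state": f[3]}
    return sessions

def flag_sessions(sessions):
    """Return (sid, reason) tuples for sessions outside the assumed policy."""
    findings = []
    for s in sessions:
        if s["version"] != "2.0":
            findings.append((s["sid"], f"client {s['client']} offers SSH {s['version']}"))
        weak = sorted({d["hmac"] for d in s["dirs"].values()} & WEAK_HMACS)
        if weak:
            findings.append((s["sid"], f"HMAC {','.join(weak)} in use"))
    return findings
```
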