Re: ASA 5505 - ADSM can't send commands

johncwoo2 · ‎05-18-2011

Hi Everyone,

I'm new to all this so please bear with me.

I'm trying to configure, for the first time, my ASA 5505.

I can connect to the device with the default settings but I cannot configure the device to perform it's role in our network.

I've changed the password on the enable_15 account with which I log into the ASA. I tried using the blank/blank login/password as well.

I'm attempting to change the default address range from the default 192.168.1.1 to 192.9.200.1. However, I cannot seem to save the change. The ADSM says it's sending the commands to the ASA but the commands never apply. After this, I must restart the ASA to achieve a connection again at which point the default settings are still in place. The same thing happens when I attempt to run the "Startup Wizard". I'm running ADSM 6.2 and the ASA 5505 is running firmware 7.2.

Any help would be greatly appreciated.

Allen P Chen · ‎05-18-2011

Hello,

So you are using ASDM to change the IP configuration, correct? After changing the IP address of the ASA to 192.9.200.1, did you change the IP address of your host to the 192.9.200.0 subnet, and then try to reconnect to the ASA using 192.9.200.1?

Since the commands were never saved, when you reload the ASA, most likely the reload changes the IP back to the default of 192.168.1.1.

It might be easier to make the IP change using the command line via the console cable.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/intparam.html#wp1051819

Hope this helps.

johncwoo2 · ‎05-18-2011

Allen,

This helped immensely. The wizard was working properly...well almost. What it wasn't doing was turning on the dhcp server...I guess that command never made it through. So when I set the IP of my host manually, I was able to connect and save the config.

Thank you for your help.

What seems to have died now is my connection to the internet. It was working great when the ASA was in it's default state but now it is not. I'm not quite sure what has changed as my outside IP address and subnet mask are the same as the default config.

brquinn · ‎05-19-2011

John,

Is the outside IP address of the ASA assigned a static IP address or is it using DHCP? What do you see in ASDM under Home > Device Dashboard > Interface Status for your outside interface? Is it up? Is the IP/Mask set correctly?

Next go to Configuration > Device Setup > Interfaces. Do you see which switchports are assigned to the outside interface? Is the ISP plugged into one of these ports?

Finally, if everything seems correct, I would save the configuration on the ASA and power cycle both the ASA and your cable/dsl modem.

I hope this helps.

Thanks,

Brendan

brquinn · ‎05-19-2011

John,

One other thing. After you changed your inside subnet, did you modify your NAT rules? If not, then the old rules are probably still in place for the 192.168.1.0/24 subnet. Go to the Firewall > NAT Rules section and edit the NAT for your new subnet.

Thanks,

Brendan

johncwoo2 · ‎05-23-2011

Brendan,

Thanks so much for your replies.

My main problem is that I do not know how to correctly get the ASA to speak to the DSL modem and therefore the internet. I know that the IP address that the DSL modem assigns to the ASA is 69.XXX.XX.242(when the outside interface is set to DHCP) and the subnet mask is 255.255.255.248. However, if I assign that IP address to the ASA statically, I do not get internet. I'm not sure if it is a DNS thing or a gateway thing or I have not configure a "route"(correct me if my terminology is poor) correctly or whether I should use NAT or PAT(not to mention NAT and PAT configuration).

I do know that when I set the ASA back to the factory setup, it does connect to the internet. I'm just not sure what settings change when I run the startup wizard. I have gotten it running using my preferred inside IP address range but I would like to know what's going on so I can fix it later.

Thanks again for your time.

brquinn · ‎05-23-2011

John,

1) You need to be sure the outside interface gets its IP via DHCP and is configured to set the default route. If you don't choose to set the route, it won't be added automatically.

Example command: ip address dhcp setroute

2) You need to change your NAT for your new inside subnet. So go to ASDM's NAT configuration and change it from the default 192.168.1.1/24 to your new IP address and subnet mask.

3) You may also need to reboot the dsl modem and the ASA after changing the configuration. This will clear out any old arp entries on the ISP side.

I hope this helps.

Thanks,

Brendan

johncwoo2 · ‎05-23-2011

Brendan,

Yes, this helps a lot.

After a little research of my own and your post, I now know that I need to set the "Default Route".

Do you know how I can set the default route through the ADSM? I know that my gateway (IP address of the DSL router/modem) is 69.XXX.XX.246 and I know the ASA can have an outside address of 69.XXX.XX.242 and the proper subnet mask is 255.255.255.248. But I don't know where in the ADSM you can set this.

Sorry, I know I could set this up with the command line interface but I need to show other folks here how to interface with the ASA...and they NEED to use the ASDM even more than I do.

I want to thank you, very much, for your assistance. You all have been extremely helpful.

Cheers,

John

EDIT: I've found the checkbox that tells the outside interface to determine the default route when in DHCP mode but how do you specify the default route if you set the IP address of the outside interface statically?

brquinn · ‎05-23-2011

To setup any static route, including a default route, go to...

- Device Setup > Routing > Static Routes

- Click Add

- Choose the outside interface, set both the route and the mask to 0.0.0.0, and set the Gateway IP (Destination).

I hope this helps.

Thanks,

Brendan

johncwoo2 · ‎05-24-2011

Oh and thank you for not calling me out for referring to the ASDM as the ADSM during this post

brquinn · ‎05-25-2011

Haha, no worries. I hope you got it all working!

Thanks,

Brendan