Re: ASA5508 - ASDM User Accounts - Page 2

wynneitmgr · ‎04-06-2020

New to Firewall Management and need some help. We have a couple User Accounts setup in Cisco ASDM. We htought these users were for the ability to login directly to the Firewall from "outside" our network. Is that what these users are for? Do I login to our WAN IP? How do these users login. Thanks for any advise!

Rob Ingram · ‎04-06-2020

Yes it should work on the outside interface.
You can also enable it on the management interface, if it was already enabled and you have a management network. I assume you are currently connected to the inside interface?

wynneitmgr · ‎04-06-2020

When I try to go to the IP on a browser Outside of Network, I get the "Connection is not Private" warning, then when I proceed it says page cannot be found. What am I missing here? Thank you.

Rob Ingram · ‎04-06-2020

Well it proves that you can at least access the login page, which is good!

Try appending /admin after the IP address. E.g:- "https://1.1.1.1/admin" - obviously replacing 1.1.1.1 with your IP address

If you already have ASDM installed then you don't need to open a web browser, you can just open ASDM set the IP address as the outside interface IP address and then login.

wynneitmgr · ‎04-06-2020

It says I have to have some service contract to download ASDM. Is that the only way to get ASDM? Thank you.

Rob Ingram · ‎04-06-2020

This is from the cisco website?
If you go to the ASA login page, e.g:- https://1.1.1.1/admin you download ASDM from there and then install on the computer. You do this only once, once installed you access ASDM directly.

I was querying whether you'd already done this on your computer, in which case ASDM would already have been downloaded and installed.

wynneitmgr · ‎04-06-2020

I only have ASDM installed on my domain controller. I was wanting to put ASDM on 2 laptops for remote users but am not able to access through browser as I mention earlier. I have tried just the https://ipaddress and also https://ipaddress/admin. Neither are working.

Rob Ingram · ‎04-06-2020

Can you try again from a different browser?
Are you accessing the webpage when connected to the outside of the ASA?

wynneitmgr · ‎04-06-2020

I did get the login screen to come up in Internet Explorer. It is asking for my login credentials, then tries to install AnyConnect VPN. Is this normal? Is it because I did not put admin after the IP Address?

Rob Ingram · ‎04-06-2020

What about when you append /admin? - https://1.1.1.1/ADMIN

wynneitmgr · ‎04-06-2020

It is all working now. I was able to login with adding admin to end of ip address and download ASDM.

Thank you for all your help!

Marvin Rhoads · ‎04-06-2020

ACLs are (generally speaking) for traffic going THROUGH the firewall - not traffic TO the firewall.

It's as @Rob Ingram said for allowing management traffic (which terminates on the firewall - i.e., TO the firewall).