07-05-2016 02:32 PM - edited 03-12-2019 12:59 AM
I deployed an ASAv in Azure to start vetting it as a solution for the edge of our cloud deployment. According to every doc I can find on it, the ASDM should be installed and working. However, I've turned it on in the config and when that didn't work, I went looking for the file and I don't see it anywhere on the device. Since this is in Azure it's going to be difficult to pull the image off a TFTP server. Is there some other way to get the .bin file up there?
Also...
Why isn't this on the Azure image by default like all the documentation says?
07-11-2016 09:00 AM
After enabling ASDM in the ASA CLI you need to open https in the Azure portal security group (assuming you're using security groups).
07-11-2016 09:12 AM
That's not the solution. As I stated in my original post, the ASDM bin file is not part of the ASAv Azure deployment, so opening up ports doesn't help.
I had to:
- Deploy a Windows VM behind the ASAv
- Remove the Route Table assigned to that VM's Subnet
- Remove all Network Security Groups
- Install a TFTP server on the Windows VM
- Put ASDM bin file in the TFTP server's folder
- Through the ASA CLI, copy the ASDM bin from the TFTP server.
- Assign the uploaded bin file as the ASDM for the ASA
- asdm image disk0:/asdm.bin
Once that was done I was able to log in to the ASDM. I'm still unsure why all Cisco's documentation says this file is on the ASAv and turned on by default.
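The CLI side of the procedure above, as an added example that is not part of the original post. The TFTP server address 10.0.1.4, the interface name `management` and the file name are assumptions; the hash check and the source restriction on ASDM access go beyond the steps listed in the post.

```cisco
! Constructed example; 10.0.1.4 (TFTP VM) and nameif "management" are assumptions.
! Confirm the image is absent before copying.
dir disk0:/

! Pull the image from the TFTP server on the VM behind the ASAv.
copy tftp://10.0.1.4/asdm.bin disk0:/asdm.bin

! TFTP is unauthenticated: compare this hash with the checksum
! shown on the Cisco download page before using the file.
verify /sha-512 disk0:/asdm.bin

configure terminal
 asdm image disk0:/asdm.bin
 ! Enable the HTTPS server ASDM uses, reachable only from the admin host.
 http server enable
 http 10.0.1.4 255.255.255.255 management
 end

show asdm image
write memory
```

Once the copy completes, the Route Table and Network Security Groups removed for the transfer can be reassigned, with HTTPS to the ASAv allowed only from the admin source.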
07-11-2016 09:15 AM
Now I'm wondering if they changed something in 6 days (time from your original post) because I literally just did this without issue. Possible I did something different too.
07-21-2016 02:49 PM
I deployed the 4 nic version of the ASAv from the Azure Marketplace. There was no asdm image in storage. Not sure how differently it could be deployed unless you used an ARM template, though I've not seen one of those for the ASAv.
10-17-2016 07:13 AM
Hi Matt,
Thanks for this post. I am experiencing the same with the ASAv in Azure. When I look at the directory structure I don't see the asdm.bin file. This is the view from a freshly deployed ASAv:
Directory of disk0:/
29 drwx 4096 13:30:21 Oct 17 2016 smart-log
26 drwx 4096 13:29:16 Oct 17 2016 log
63 drwx 4096 13:30:28 Oct 17 2016 coredumpinfo
8571076608 bytes total (8559841280 bytes free)
I want to walk through the steps you gave but I am pretty new to Cisco. Can you tell me where I can get the asdm.bin file?
Thanks,
Steve
10-17-2016 09:52 AM
I'm pretty sure I got it from here: http://www.cisco.com/cgi-bin/tablebuild.pl/asa
I'm not sure if the ASDM was available to download because I have a few ASAs registered to my account or not, but following that link and logging in should take you there.
If it doesn't, go to https://software.cisco.com/download/navigator.html?mode=home. Navigate to Products->Security->Firewalls->Firewall Management->Adaptive Security Device Manager->Adaptive Security Appliance (ASA) Device Manager.
If you don't have a TFTP server yet, I'd recommend Solar Winds: http://www.solarwinds.com/free-tools/free-tftp-server. It's free and very easy to get up and running.
I don't know if you are doing this for your own edification or vetting this as a solution, but I'd also (and this is probably not the right place to mention this) suggest you look at other firewall offerings in Azure. Many of them will deploy with a free trial for a limited number of days. Specifically, I'd suggest looking at the Fortigate/Fortinet, Check Point and F5 offerings.
Hope that helps.
10-17-2016 10:57 AM
Looks like I need a support contract to download it. Oh well, I guess I will try to set up everything via command line.
This is something I am tasked with investigating so I have to keep moving forward with it. In addition to the options you mentioned, I have used pfSense, an open source firewall based on FreeBSD. I like that one a lot and would use it in most cases for personal use.
By the way, I really appreciate your response and your help.
Steve
10-17-2016 11:08 AM
I was afraid of that. You may be able to call Cisco's pre-sales support and get access to the ASDM file from them. The other issue you may run into is licensing. I don't think it deploys with a trial license. I wasn't able to get a site-to-site VPN set up until I got a trial license installed.
To get the trial license, I think you have to be set up as a Cisco partner for resale. It took me about 2 weeks to figure out the process (pre-sales support was of little help). You'll also need a valid email for one of their distributors' (like Ingram-Micro) sales rep.
The other FWs I mentioned are also Next Gen FWs. They come with a lot of functionality, like IPS/IDS, Application Security, Anti-virus, URL Filtering, etc. that the ASAv doesn't provide. They are more expensive, but if you're looking at doing something like moving your data center to Azure, they are recommended.
07-26-2018 01:01 PM
Do Cisco purposefully make it as difficult as possible to use their products?
I was hoping to test this quickly to see if the functionality was what I needed but I'll look at a competitor FW you mentioned now.