Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1021
Views
0
Helpful
2
Replies

ASDM configuration on ASA 5525X

Muthukumar P
Level 1
Level 1

‎03-25-2017 05:19 AM - edited ‎03-12-2019 02:07 AM

HI i have tried ASDM configuration on ASA 5525X but not able to achieved . Please share the configuration example on this..

Note: I have configured with  Port channel with sub interface in 5525x and plz confirm if any software need to be installed in system side to access the ASA via ASDM..

Thanks

Muthukumar

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-25-2017 06:43 AM

Please share your running configuration and output from "show version".

Also let us know the address of the host that is trying and failing to access the ASA via ASDM. it does need to launch ASDM from the ASA - either as a Java Web Start application or via downloading the local installer. 

0 Helpful

Muthukumar P
Level 1
Level 1
In response to Marvin Rhoads

‎03-25-2017 11:33 PM

HI ,

  Please find the config files. we have configured the following IP 10.246.17.145 for ASA out. We will access the ASA with ASDM for the same Ip address and i have upgrade the following ASDM version asdm-771.bin in ASA.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.03.23 17:41:48 =~=~=~=~=~=~=~=~=~=~=~=
sh run
: Saved

:
: Serial Number: FCH20457DE3
: Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.4(4)2
!
hostname citpl-dc-fw01a
enable password LmPAkL7AVu3jAHq3 encrypted
names
!
interface GigabitEthernet0/0
 description *** Dcsw1-port 47 ***
 channel-group 40 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description *** Dcsw2-port 47 ***
 channel-group 40 mode active
 no nameif
 no security-level
 no ip address
<--- More --->
              
!
interface GigabitEthernet0/2
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 no nameif
 no security-level
 no ip address
!
<--- More --->
              
interface GigabitEthernet0/6
 channel-group 42 mode active
!
interface GigabitEthernet0/7
 channel-group 42 mode active
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 no ip address
!
interface Port-channel10
 lacp max-bundle 8
 nameif ASA-OUT
 security-level 0
 ip address 10.246.17.145 255.255.255.248 standby 10.246.17.146
!
interface Port-channel40
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
<--- More --->
              
interface Port-channel40.31
 description ** Hardware Manageemnt **
 vlan 31
 nameif HARDWARE-MGMT
 security-level 100
 ip address 10.246.17.1 255.255.255.192 standby 10.246.17.2
!
interface Port-channel40.50
 description ** TOS-APP Server **
 vlan 50
 nameif TOS-APP
 security-level 100
 ip address 10.246.19.1 255.255.255.224 standby 10.246.19.2
!
interface Port-channel40.51
 description ** TOS-DB Server **
 vlan 51
 nameif TOS-DB
 security-level 100
 ip address 10.246.19.33 255.255.255.224 standby 10.246.19.34
!
interface Port-channel40.52
 description ** CORP-APP Server **
 vlan 52
<--- More --->
              
 nameif CORP-APP
 security-level 100
 ip address 10.246.19.65 255.255.255.224 standby 10.246.19.66
!
interface Port-channel40.53
 description ** TEST-TOS Server **
 vlan 53
 nameif TEST-TOS
 security-level 100
 ip address 10.246.19.145 255.255.255.248 standby 10.246.19.146
!
interface Port-channel40.54
 description **Vmotion **
 vlan 54
 nameif VMotion
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface Port-channel40.55
 description ** HOST-MGMT Server **
 vlan 55
 nameif HOST-MGMT
 security-level 100
 ip address 10.246.19.161 255.255.255.240 standby 10.246.19.162
<--- More --->
              
!
interface Port-channel42
 description LAN/STATE Failover Interface
 lacp max-bundle 8
!
interface Port-channel48
 no nameif
 no security-level
 no ip address
!
banner login WARNING:
banner login .
banner login ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner login PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner login UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner motd WARNING:
banner motd .
banner motd ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED
banner motd PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION
banner motd UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
banner asdm WARNING:
banner asdm ACCESS TO INFORMATION ON THIS MACHINE AND NETWORK IS RESTRICTED TO AUTHORISED PERSONNEL ONLY. ANY UNAUTHORISED USER IS SUBJECT TO CRIMINAL PROSECUTION UNDER THE COMPUTER MISUSE AND CYBERSECURITY ACT (CAP. 50A).
boot system disk0:/asa944-2-smp-k8.bin
ftp mode passive
<--- More --->
              
clock timezone IND 5 30
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list out-to-in extended permit ip any any log
access-list out-to-in extended permit icmp any any log
access-list tos-db extended permit ip any any
access-list tos-db extended permit icmp any any echo
access-list tos-db extended permit icmp any any echo-reply
pager lines 24
logging enable
logging timestamp
logging standby
logging buffer-size 32768
logging monitor debugging
logging buffered debugging
logging trap debugging
logging asdm informational
mtu HARDWARE-MGMT 1500
mtu TOS-APP 1500
mtu TOS-DB 1500
mtu CORP-APP 1500
mtu TEST-TOS 1500
mtu VMotion 1500
mtu HOST-MGMT 1500
<--- More --->
              
mtu management 1500
mtu ASA-OUT 1500
ip verify reverse-path interface management
ip verify reverse-path interface ASA-OUT
failover
failover lan unit primary
failover lan interface lanfail Port-channel42
failover link lanfail Port-channel42
failover interface ip lanfail 192.168.50.253 255.255.255.0 standby 192.168.50.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo management
icmp permit any echo-reply management
icmp permit any echo ASA-OUT
icmp permit any echo-reply ASA-OUT
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group out-to-in in interface ASA-OUT
route ASA-OUT 0.0.0.0 0.0.0.0 10.246.17.147 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
<--- More --->
              
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
sysopt noproxyarp management
sysopt noproxyarp ASA-OUT
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 10.246.17.0 255.255.255.192 HARDWARE-MGMT
ssh 10.246.17.144 255.255.255.248 ASA-OUT
ssh timeout 15
ssh version 2
ssh cipher encryption custom "aes256-ctr"
ssh cipher integrity custom "hmac-sha1"
ssh key-exchange group dh-group14-sha1
console timeout 15
management-access ASA-OUT
<--- More --->
              
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.246.17.147
ntp server 10.246.17.178
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
dynamic-access-policy-record DfltAccessPolicy
username citpl password Ez0Dc2.KSb9wc/P1 encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
<--- More --->
              
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context priority state
no call-home reporting anonymous
Cryptochecksum:42c7cfc286ac3bd532fc1058e01b5b3f

----------------------------------------------------------------------------------------------------------

citpl-dc-fw01a/pri/act# sh version

Cisco Adaptive Security Appliance Software Version 9.4(4)2

Compiled on Thu 16-Feb-17 09:09 PST by builders
System image file is "disk0:/asa944-2-smp-k8.bin"
Config file at boot was "startup-config"

citpl-dc-fw01a up 42 mins 41 secs
failover cluster up 42 mins 41 secs

Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
            ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
                             Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4


 0: Int: Internal-Data0/0    : address is 2cd0.2d13.2b2d, irq 11
 1: Ext: GigabitEthernet0/0  : address is 2cd0.2d13.2b32, irq 5
<--- More --->
              
 2: Ext: GigabitEthernet0/1  : address is 2cd0.2d13.2b2e, irq 5
 3: Ext: GigabitEthernet0/2  : address is 2cd0.2d13.2b33, irq 10
 4: Ext: GigabitEthernet0/3  : address is 2cd0.2d13.2b2f, irq 10
 5: Ext: GigabitEthernet0/4  : address is 2cd0.2d13.2b34, irq 5
 6: Ext: GigabitEthernet0/5  : address is 2cd0.2d13.2b30, irq 5
 7: Ext: GigabitEthernet0/6  : address is 2cd0.2d13.2b35, irq 10
 8: Ext: GigabitEthernet0/7  : address is 2cd0.2d13.2b31, irq 10
 9: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
10: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
11: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
12: Ext: Management0/0       : address is 2cd0.2d13.2b2d, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
<--- More --->
              
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual
Cluster Members                   : 2              perpetual

This platform has an ASA5525 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 200            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
<--- More --->
              
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 750            perpetual
Total VPN Peers                   : 750            perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
IPS Module                        : Disabled       perpetual
Cluster                           : Enabled        perpetual

This platform has an ASA5525 VPN Premium license.

Serial Number: FCH20457DE3
Running Permanent Activation Key: 0xa108ed63 0x38558548 0x39b029ac 0xdb6040f8 0x4a1bff91
Configuration register is 0x1

Image type          : Release
Key version         : A

Configuration has not been modified since last system restart.

citpl-dc-fw01a/pri/act# sh

citpl-dc-fw01a/pri/act# sho

citpl-dc-fw01a/pri/act# show pr

citpl-dc-fw01a/pri/act# show pro

citpl-dc-fw01a/pri/act# show processes cp

citpl-dc-fw01a/pri/act# show processes cpu-?

  cpu-hog    cpu-usage  

citpl-dc-fw01a/pri/act# show processes cpu-us



                                                    

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card