05-04-2009 09:42 AM - edited 03-11-2019 08:27 AM
We recently upgraded our PIX-525 from v6.3.5 to v8.0.4. All went well with the upgrade. We formerly used the PDM for management of the PIX. Now, I see that the ASDM is used.
My question is: How is the ASDM installed for the first time? I have tried searching artlicles, and all I can seem to find is how to upgrade, but not install initially.
I have already performed:
1. Download ASDM.bin image and TFTP to flash on PIX (copy tftp flash)
2. Entered "asdm image flash:/asdm.bin"
3. "http server enable"
4. "asdm history enable"
and then saved and reloaded.
However, I am still unable to access the ASDM. What am I missing? Any advice or links to articles on initial ASDM install would be appreciated.
05-04-2009 09:52 AM
I'm not sure by what you mean you can't access it, but you'll need to give yourself access.
http 192.168.1.1 inside
The address is whatever your host or network you want to allow to use ASDM, and "inside" is the interface you'll be coming in on.
HTH,
John
05-04-2009 10:04 AM
I have allowed access, but I simply get a "Cannot Connect" error from my browser. I have used nmap to scan the PIX's inside interface, and it does show port 443 open.
One thing I noticed is that no certificate info is shown in the PIX config. Do I need to install a new SSL certificate in order to be able to connect using HTTPS?
Also, I am using the URL https://192.168.1.1/asdm Is this correct?
05-04-2009 11:30 AM
Ben
In my experience it is sufficient to just:
I do not believe that you need /asdm
If you just https to the device it should prompt you about ASDM and give you a choice about downloading the GUI.
[edit] while a new SSL certificate may be desirable it is certainly not required for ASDM to work. I have ASDM on several boxes with self signed certificates and they work.
HTH
Rick
05-04-2009 11:51 AM
I'm still not getting anything. How do I create a new cert?
Also, when I TFTP the image, I just used "copy tftp flash." An associate of mine said that on older versions of the PIX, to install the PDM you had to tell it during the TFTP command, something like "copy tftp flash:pdm" Could the ASDM require the same type of command?
05-04-2009 12:46 PM
Well, first, you need to make sure that you have the correct asdm bin file for the version of IOS you're running. You can tell that when you go to download the file. Copying via tftp to flash is fine. You don't have to pass any other parameters.
To generate a key, you can do:
crypt key generate rsa general-keys mod 1024
HTH,
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide