Cisco ASA 1000V ASDM Configuration Guide, 6.7
Getting Started
Downloads: This chapterpdf (PDF - 212.0KB) The complete bookPDF (PDF - 11.09MB) | Feedback

Getting Started

Table Of Contents

Getting Started

Deploying and Powering Up the ASA 1000V

Default Configuration after Deployment

Accessing the ASA 1000V Command-Line Interface

Starting ASDM

Connecting to ASDM for the First Time

Starting ASDM from the ASDM-IDM Launcher

Starting ASDM from the Java Web Start Application

Using ASDM in Demo Mode

Getting Started with the Configuration

Using the Command Line Interface Tool in ASDM

Using the Command Line Interface Tool

Handling Command Errors

Using Interactive Commands

Avoiding Conflicts with Other Administrators

Showing Commands Ignored by ASDM on the Device

ASA 1000V File Storage


Getting Started


This chapter describes how to get started with your ASA 1000V. This guide covers ASDM mode configuration, where you can use ASDM and the ASA 1000V CLI for your configuration. If you are using VNMC mode, see the VNMC documentation to complete your configuration.

As part of your deployment, you pre-configure the management interface for ASDM access. This chapter includes information to help you get started with ASDM.

This chapter includes the following sections:

Deploying and Powering Up the ASA 1000V

Accessing the ASA 1000V Command-Line Interface

Starting ASDM

Getting Started with the Configuration

Using the Command Line Interface Tool in ASDM

ASA 1000V File Storage

Deploying and Powering Up the ASA 1000V

For detailed instructions on deploying and powering up the ASA 1000V, see the Getting Started Guide.

Default Configuration after Deployment

When you deploy the ASA 1000V, you can pre-set many parameters that let you connect to the Management 0/0 interface using ASDM. A typical configuration includes the following settings:

Management 0/0 interface:

Named "management"

IP address or DHCP

Security level 0

Management-only

Static route from the management interface to the management host IP address through the default gateway

Static route from the management interface to the VNMC IP address through the default gateway

ASDM server enabled

ASDM access for the management host IP address


Accessing the ASA 1000V Command-Line Interface

In some cases, you may need to use the CLI for troubleshooting.

For initial configuration or troubleshooting, access the CLI from the virtual console provided through the VMware vSphere Client. Later, you can configure CLI remote access using Telnet or SSH according to Chapter 19 "Configuring Management Access."

Detailed Steps


Step 1 In the VMware vSphere Client, choose Home > Inventory > Hosts and Clusters, and then choose the ASA 1000V instance that you deployed and powered up.

Step 2 In the right pane, click the Console tab.

Step 3 You see the following prompt:

hostname>

This prompt indicates that you are in user EXEC mode. Only basic commands are available from user EXEC mode.

Step 4 To access privileged EXEC mode, enter the following command:

hostname> enable
 
   

The following prompt appears:

Password:
 
   

Step 5 Enter the enable password at the prompt.

By default, the password is blank, and you can press the Enter key to continue. See the "Configuring the Hostname, Domain Name, and Passwords" section to change the enable password.

The prompt changes to:

hostname#
 
   

All non-configuration commands are available in privileged EXEC mode. You can also enter configuration mode from privileged EXEC mode.

To exit privileged mode, enter the disable, exit, or quit command.

Step 6 To access global configuration mode, enter the following command:

hostname# configure terminal
 
   

The prompt changes to the following:

hostname(config)#
 
   

You can begin to configure the ASA 1000V from global configuration mode. To exit global configuration mode, enter the exit, quit, or end command.


Starting ASDM

You can start ASDM using two methods:

ASDM-IDM Launcher (Windows only)—The Launcher is an application downloaded from the ASA 1000V using a web browser that you can use to connect to any ASA 1000V IP address. You do not need to re-download the launcher if you want to connect to other ASA 1000Vs. The Launcher also lets you run a virtual ASDM in Demo mode using files downloaded locally.

Java Web Start—For each ASA 1000V that you manage, you need to connect with a web browser and then save or launch the Java Web Start application. You can optionally save the application to your PC; however you need separate applications for each ASA 1000V IP address.


Note Within ASDM, you can choose a different ASA 1000V IP address to manage; the difference between the Launcher and Java Web Start application functionality rests primarily in how you initially connect to the ASA 1000V and launch ASDM.


This section describes how to connect to ASDM initially, and then launch ASDM using the Launcher or the Java Web Start application. This section includes the following topics:

Connecting to ASDM for the First Time

Starting ASDM from the ASDM-IDM Launcher

Starting ASDM from the Java Web Start Application

Using ASDM in Demo Mode


Note ASDM allows multiple PCs or workstations to each have one browser session open with the same ASA 1000V software. A single ASA 1000V can support up to five concurrent ASDM sessions. Only one session per browser per PC or workstation is supported for a specified ASA 1000V.


Connecting to ASDM for the First Time

To connect to ASDM for the first time to download the ASDM-IDM Launcher or Java Web Start application, perform the following steps:


Step 1 From a supported web browser on the ASA 1000V network, enter the following URL:

https://interface_ip_address/admin
 
   

Where interface_ip_address is the management IP address of the ASA 1000V.

See the ASDM release notes for your release for the requirements to run ASDM.

The ASDM launch page appears with the following buttons:

Install ASDM Launcher and Run ASDM (Windows only)

Run ASDM

Run Startup Wizard

Step 2 To download the Launcher:

a. Click Install ASDM Launcher and Run ASDM.

b. Enter the username and password, and click OK. For a factory default configuration, leave these fields empty. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default. With HTTPS authentication enabled, enter your username and associated password.

c. Save the installer to your PC, and then start the installer. The ASDM-IDM Launcher opens automatically after installation is complete.

d. See the "Starting ASDM from the ASDM-IDM Launcher" section to use the Launcher to connect to ASDM.

Step 3 To use the Java Web Start application:

a. Click Run ASDM or Run Startup Wizard.

b. Save the application to your PC when prompted. You can optionally open it instead of saving it.

c. See the "Starting ASDM from the Java Web Start Application" section to use the Java Web Start application to connect to ASDM.


Starting ASDM from the ASDM-IDM Launcher

To start ASDM from the ASDM-IDM Launcher, perform the following steps.

Prerequisites

Download the ASDM-IDM Launcher according to the "Connecting to ASDM for the First Time" section.

Detailed Steps


Step 1 Start the ASDM-IDM Launcher application.

Step 2 Enter or choose the ASA 1000V IP address or hostname to which you want to connect. To clear the list of IP addresses, click the trash can icon next to the Device/IP Address/Name field.

Step 3 Enter your username and your password, and then click OK.

For a factory default configuration, leave these fields empty. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default. With HTTPS authentication enabled, enter your username and associated password.

If there is a new version of ASDM on the ASA 1000V, the ASDM Launcher automatically downloads the new version and requests that you update the current version before starting ASDM.

The main ASDM window appears.


Starting ASDM from the Java Web Start Application

To start ASDM from the Java Web Start application, perform the following steps.

Prerequisites

Download the Java Web Start application according to the "Connecting to ASDM for the First Time" section.

Detailed Steps


Step 1 Start the Java Web Start application.

Step 2 Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears.

Step 3 Enter the username and password, and click OK. For a factory default configuration, leave these fields empty. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default. With HTTPS authentication enabled, enter your username and associated password.

The main ASDM window appears.


Using ASDM in Demo Mode

The ASDM Demo Mode, a separately installed application, lets you run ASDM without having a live device available. In this mode, you can do the following:

Perform configuration and selected monitoring tasks via ASDM as though you were interacting with a real device.

Demonstrate ASDM or ASA 1000V features using the ASDM interface.

Obtain simulated monitoring and logging data, including real-time syslog messages. The data shown is randomly generated; however, the experience is identical to what you would see when you are connected to a real device.

This mode does not support the following:

Saving changes made to the configuration that appear in the GUI.

File or disk operations.

Historical monitoring data.

Non-administrative users.

These features:

File menu:

Save Running Configuration to Flash

Save Running Configuration to TFTP Server

Save Running Configuration to Standby Unit

Save Internal Log Buffer to Flash

Clear Internal Log Buffer

Tools menu:

Command Line Interface

Ping

File Management

Update Software

File Transfer

Upload Image from Local PC

System Reload

Toolbar/Status bar > Save

Configuration > Interface > Edit Interface > Renew DHCP Lease

Configuring a standby device after failover

Operations that cause a rereading of the configuration, in which the GUI reverts to the original configuration:

\Making changes in the Interface pane

NAT pane changes

Clock pane changes

To run ASDM in Demo Mode, perform the following steps:


Step 1 Download the ASDM Demo Mode installer, asdm-demo-version.msi, from the following location: http://www.cisco.com/cisco/web/download/index.html.

Step 2 Double-click the installer to install the software.

Step 3 Double-click the Cisco ASDM Launcher shortcut on your desktop, or open it from the Start menu.

Step 4 Check the Run in Demo Mode check box.

The Demo Mode window appears.


Getting Started with the Configuration

To configure and monitor the ASA 1000V, perform the following steps:


Step 1 For initial configuration using the Startup Wizard, choose Wizards > Startup Wizard.

Step 2 To use the Site-to-Site VPN Wizard to configure site-to-site VPN connections, choose Wizards > VPN Wizards > Site-to-Site Wizard and complete each screen that appears.

Step 3 To configure high availability and scalability settings, choose Wizards > High Availability and Scalability Wizard. See the "Configuring Failover with the High Availability and Scalability Wizard" section for more information.

Step 4 To use the Packet Capture Wizard to configure packet capture, choose Wizards > Packet Capture Wizard.

Step 5 To display different colors and styles available in the ASDM GUI, choose View > Office Look and Feel.

Step 6 To configure features, click the Configuration button on the toolbar and then click one of the feature buttons to display the associated configuration pane.


Note If the Configuration screen is blank, click Refresh on the toolbar to display the screen content.


Step 7 To monitor the ASA 1000V, click the Monitoring button on the toolbar and then click a feature button to display the associated monitoring pane.



Note ASDM supports up to a maximum of a 512 KB configuration. If you exceed this amount, you may experience performance issues.


Using the Command Line Interface Tool in ASDM

This section tells how to enter commands using ASDM, and how to work with the CLI. This section includes the following topics:

Using the Command Line Interface Tool

Handling Command Errors

Using Interactive Commands

Avoiding Conflicts with Other Administrators

Showing Commands Ignored by ASDM on the Device

Using the Command Line Interface Tool

This feature provides a text-based tool for sending commands to the ASA 1000V and viewing the results.

The commands you can enter with the CLI tool depend on your user privileges. See the "Information About Authorization" section for more information. Review your privilege level in the status bar at the bottom of the main ASDM application window to ensure that you have the required privileges to execute privileged-level CLI commands.


Note Commands entered via the ASDM CLI tool might function differently from those entered through a terminal connection to the ASA 1000V. Not all commands are available on the ASA 1000V platform.


To use the CLI tool, perform the following steps:


Step 1 In the main ASDM application window, choose Tools > Command Line Interface.

The Command Line Interface dialog box appears.

Step 2 Choose the type of command (single line or multiple line) that you want, and then choose the command from the drop-down list, or type it in the field provided.

Step 3 Click Send to execute the command.

Step 4 To enter a new command, click Clear Response, and then choose (or type) another command to execute.

Step 5 Check the Enable context-sensitive help (?) check box to provide context-sensitive help for this feature. Uncheck this check box to disable the context-sensitive help.

Step 6 After you have closed the Command Line Interface dialog box, if you changed the configuration, click Refresh to view the changes in ASDM.


Handling Command Errors

If an error occurs because you entered an incorrect command, the incorrect command is skipped and the remaining commands are processed. A message appears in the Response area to inform you whether or not any error occurred, as well as other related information.


Note ASDM supports almost all CLI commands. See the command reference for a list of commands.


Using Interactive Commands

Interactive commands are not supported in the CLI tool. To use these commands in ASDM, use the noconfirm keyword if available, as shown in the following command:

crypto key generate rsa modulus 1024 noconfirm

Avoiding Conflicts with Other Administrators

Multiple administrative users can update the running configuration of the ASA 1000V. Before using the ASDM CLI tool to make configuration changes, check for other active administrative sessions. If more than one user is configuring the ASA 1000V at the same time, the most recent changes take effect.

To view other administrative sessions that are currently active on the same ASA 1000V, choose Monitoring > Properties > Device Access.

Showing Commands Ignored by ASDM on the Device

This feature lets you show the list of commands that ASDM does not support. Typically, ASDM ignores them. ASDM does not change or remove these commands from your running configuration. See the "Unsupported Commands" section for more information.

To display the list of unsupported commands for ASDM, perform the following steps:


Step 1 In the main ASDM application window, choose Tools > Show Commands Ignored by ASDM on Device.

Step 2 Click OK when you are done.


ASA 1000V File Storage

During OVF template file deployment, 2 GB of storage are allotted to maintain system, configuration, and image files on the host server. These files appear in disk0 on the ASA 1000V.