The ASDM user interface is designed to provide easy access to the many features that the adaptive security appliance supports. The ASDM user interface includes the following elements:
A menu bar that provides quick access to files, tools, wizards, and help. Many menu items also have keyboard shortcuts.
A toolbar that enables you to navigate ASDM. From the toolbar you can access the home, configuration, and monitoring panes. You can also get help and navigate between panes.
A dockable left Navigation pane to move through the Configuration and Monitoring panes. You can click one of the three buttons in the header to maximize or restore this pane, make it a floating pane that you can move, hide it, or close it. To access the Configuration and Monitoring panes, you can do one of the following:
Click links on the left side of the application window in the left Navigation pane. The Content pane then displays the path (for example, Configuration > Device Setup > Startup Wizard) in the title bar of the selected pane.
If you know the exact path, you can type it directly into the title bar of the Content pane on the right side of the application window, without clicking any links in the left Navigation pane.
A maximize and restore button in the right corner of the Content pane that lets you hide and show the left Navigation pane.
A dockable device list pane with a list of devices that you can access through ASDM. You can click one of the three buttons in the header to maximize or restore this pane, make it a floating pane that you can move, hide it, or close it. For more information, see the See Device List.
A status bar that shows the time, connection status, user, memory status, running configuration status, privilege level, and SSL status at the bottom of the application window.
A left Navigation pane that shows various objects that you can use in the rules tables when you create access rules, NAT rules, AAA rules, filter rules, and service rules. The tab titles within the pane change according to the feature that you are viewing. In addition, the ASDM Assistant appears in this pane.
Tool tips have been added for various parts of the GUI, including Wizards, the Configuration and Monitoring panes, and the Status Bar. To view tool tips, hover your mouse over a specific user interface element, such as an icon in the status bar.
Navigating in the ASDM User Interface
To move efficiently throughout the ASDM user interface, you may use a combination of menus, the toolbar, dockable panes, and the left and right Navigation panes, which are described in the previous section. The available functions appear in a list of buttons below the Device List pane. An example list could include the following function buttons:
Trend Micro Content Security
Botnet Traffic Filter
Remote Access VPN
Site to Site VPN
The list of function buttons that appears is based on the licensed features that you have purchased. Click each button to access the first pane in the selected function for either the Configuration view or the Monitoring view. The function buttons are not available in the Home view.
To change the display of function buttons, perform the following steps:
Choose the drop-down list below the last function button to display a context menu.
Choose one of the following options:
To show more buttons, click Show More Buttons .
To show fewer buttons, click Show Fewer Buttons .
To add or remove buttons, click Add or Remove Buttons , then click the button to add or remove from the list that appears.
To change the sequence of the buttons, choose Option to display the Option dialog box, which displays a list of the buttons in their current order. Then choose one of the following:
To move up a button in the list, click Move Up .
To move down a button in the list, click Move Down .
To return the order of the items in the list to the default setting, click Reset .
To save your settings and close this dialog box, click OK .
You can access ASDM menus using the mouse or keyboard. For information about accessing the menu bar from the keyboard, see the See Keyboard Shortcuts.
The File menu lets you manage adaptive security appliance configurations. The following table lists the tasks that you can perform using the File menu.
File Menu Item
Refresh ASDM with the Running Configuration on the Device
Loads a copy of the running configuration into ASDM.
Ensures that ASDM has a current copy of the running configuration.
Reset Device to the Factory Default Configuration
Restores the configuration to the factory default. See the for more information.
Show Running Configuration in New Window
Displays the current running configuration in a new window.
Save Running Configuration to Flash
Writes a copy of the running configuration to flash memory.
Save Running Configuration to TFTP Server
Stores a copy of the current running configuration file on a TFTP server. See the for more information.
Save Running Configuration to Standby Unit
Sends a copy of the running configuration file on the primary unit to the running configuration of a failover standby unit.
Save Internal Log Buffer to Flash
Saves the internal log buffer to flash memory.
Prints the current page. We recommend landscape page orientation when you print rules. When you use Internet Explorer, permission to print was already granted when you originally accepted the signed applet.
Clear ASDM Cache
Removes local ASDM images. ASDM downloads images locally when you connect to ASDM.
Clear ASDM Password Cache
Removes the password cache if you have defined a new password and still have a existing password that is different than the new password.
Clear Internal Log Buffer
Empties the syslog message buffer.
The View menu lets you display various parts of the ASDM user interface. Certain items are dependent on the current view. You cannot select items that cannot be displayed in the current view. The following table lists the tasks that you can perform using the View menu.
View Menu Item
Displays the Home view.
Displays the Configuration view.
Displays the Monitoring view.
Display a list of devices in a dockable pane. See the See Device List for more information.
Shows and hides the display of the Navigation pane in the Configuration and Monitoring views.
Searches and finds useful ASDM procedural help about certain tasks. See the See ASDM Assistant for more information.
Shows and hides voice network information.
Latest ASDM Syslog Messages
Shows and hides the display of the Latest ASDM Syslog Messages pane in the Home view. This pane is only available in the Home view. If you do not have sufficient memory to upgrade to the most current release, syslog message %ASA-1-211004 is generated, indicating what the installed memory is and what the required memory is. This message reappears every 24 hours until the memory is upgraded.
Shows and hides the display of the Addresses pane. The Addresses pane is only available for the Access Rules, NAT Rules, Service Policy Rules, AAA Rules, and Filter Rules panes in the Configuration view.
Shows and hides the display of the Services pane. The Services pane is only available for the Access Rules, NAT Rules, Service Policy Rules, AAA Rules, and Filter Rules panes in the Configuration view.
Shows and hides the display of the Time Ranges pane. The Time Ranges pane is only available for the Access Rules, Service Policy Rules, AAA Rules, and Filter Rules panes in the Configuration view.
Shows and hides the display of the Global Pools pane. The Global Pools pane is only available for the NAT Rules pane in the Configuration view.
Find in ASDM
Locates an item for which you are searching, such as a feature or the ASDM Assistant.
Goes to the next pane previously visited. See the See Common Buttons for more information.
Returns the layout to the default configuration.
Office Look and Feel
Changes the screen fonts and colors to the Microsoft Office settings.
The Tools menu provides you with the following series of tools to use in ASDM.
Tools Menu Item
Command Line Interface
Sends commands to the adaptive security appliance and view the results. See the for more information.
Show Commands Ignored by ASDM on Device
Displays unsupported commands that have been ignored by ASDM. See the for more information.
Traces a packet from a specified source address and interface to a destination. You can specify the protocol and port of any type of data and view the lifespan of a packet, with detailed information about actions taken on it. See the for more information.
Verifies the configuration and operation of the adaptive security appliance and surrounding communications links, as well as performs basic testing of other network devices. See the for more information.
Determines the route that packets will take to their destination. See the for more information.
Views, moves, copies, and deletes files stored in flash memory. You can also create a directory in flash memory. See the for more information. You can also transfer files between various file systems, including TFTP, flash memory, and your local PC. See the for more information.
Upgrade Software from Local Computer
Uploads a adaptive security appliance image, ASDM image, or another image on your PC to flash memory. See the dialog box for more information.
Check for ASA/ASDM Updates
Upgrades adaptive security appliance software and ASDM software through a wizard. See the for more information.
Backs up the adaptive security appliance configuration, a Cisco Secure Desktop image, and SSL VPN Client images and profiles. See the for more information.
Restores the adaptive security appliance configuration, a Cisco Secure Desktop image, and SSL VPN Client images and profiles. See the for more information.
Restarts the ASDM and reload the saved configuration into memory. See the for more information.
Administrator's Alerts to Clientless SSL VPN Users
Enable an administrator to send an alert message to clientless SSL VPN users. See the for more information.
Changes the behavior of specified ASDM functions between sessions. See the for more information.
ASDM Java Console
Shows the Java console. See the for more information.
The Wizards menu lets you run a wizard to configure multiple features. The following table lists the available Wizards and their features.
Wizards Menu Item
Guides you, step-by-step, through the initial configuration of the adaptive security appliance. For more information, see .
IPSec VPN Wizard
Enables you to configure an IPSec VPN policy on the adaptive security appliance. For more information, see the IPSec .
SSL VPN Wizard
Enables you to configure an SSL VPN policy on the adaptive security appliance. For more information, see the SSL.
High Availability and Scalability Wizard
Allows you to configure failover and VPN cluster load balancing on the adaptive security appliance. For more information, see .
Unified Communication Wizard
Enables you to configure unified communication features, such as an IP phone, on the adaptive security appliance. For more information, see the .
Packet Capture Wizard
Allows you to configure packet capture on the adaptive security appliance. The wizard runs one packet capture on each ingress and egress interface. After you run the capture, you can save it on your computer, and then examine and analyze the capture with a packet analyzer. For more information, see the .
The Window menu enables you to move between ASDM windows. The active window appears as the selected window.
The Help menu provides links to online Help, as well as information about ASDM and the adaptive security appliance. The following table lists the tasks that you can perform using the Help menu.
Help Menu Items
Opens a new browser window with help organized by contents, window name, and indexed in the left frame. Use these methods to find help for any topic, or search using the Search tab.
Help for Current Screen
Opens context-sensitive help about that screen. The wizard runs the screen, pane, or dialog box that is currently open. Alternatively, you can also click the question mark (? ) help icon.
Opens the most current version of the Release Notes for Cisco ASDM on Cisco.com. The release notes contain the most current information about ASDM software and hardware requirements, and the most current information about changes in the software.
Opens the ASDM Assistant, which lets you search downloadable content from Cisco.com, with details about performing certain tasks.
About Cisco Adaptive Security Appliance (ASA)
Displays information about the adaptive security appliance, including the software version, hardware set, configuration file loaded at startup, and software image loaded at startup. This information is helpful in troubleshooting.
About Cisco ASDM 6.3
Displays information about ASDM such as the software version, hostname, privilege level, operating system, device type, and Java version.
The Toolbar below the menus provides access to the Home view, Configuration view, and Monitoring view. It also lets you choose between the system and security contexts in multiple context mode, and provides navigation and other commonly used features. The following table lists the tasks that you can perform using the Toolbar.
Shows which context you are in. To open the context list in the left-hand pane, click the down arrow, then click the up arrow to restore the context drop-down list. After you have expanded this list, click the left arrow to collapse the pane, then the right arrow to restore the pane. To manage the system, choose System from the drop-down list. To manage the context, choose one from the drop-down list.
Displays the Home pane, which lets you view important information about your adaptive security appliance such as the status of your interfaces, the version you are running, licensing information, and performance. See the See Home Pane (Single Mode and Context) for more information. In multiple mode, the system does not have a Home pane.
Configures the adaptive security appliance. Click a function button in the left Navigation pane to configure that function.
Monitors the adaptive security appliance. Click a function button in the left Navigation pane to configure that function.
Returns to the last pane of ASDM that you visited.
Goes forward to the last pane of ASDM that you visited.
Searches for a feature in ASDM. The Search function looks through the titles of each pane and presents you with a list of matches, and gives you a hyperlink directly to that pane. If you need to switch quickly between two different panes that you found, click Back or Forward . See the See ASDM Assistant for more information.
Refreshes ASDM with the current running configuration, except for graphs in any of the Monitoring panes.
Saves the running configuration to the startup configuration for write-accessible contexts only.
Shows context-sensitive help for the screen that is currently open.
The ASDM Assistant lets you search and view useful ASDM procedural help about certain tasks. This feature is available in routed and transparent modes, and in the single and system contexts.
To access information, choose View > ASDM Assistant > How Do I? or enter a search request from the Look For field in the menu bar. From the Find drop-down list, choose How Do I? to begin the search.
To use the ASDM Assistant, perform the following steps:
In the main ASDM application window, choose View > ASDM Assistant .
The ASDM Assistant pane appears.
In the Search field, enter the information that you want to find, and click Go .
The requested information appears in the Search Results pane.
Click any links that appear in the Search Results and Features areas to obtain more details.
The status bar appears at the bottom of the ASDM window. The following table lists the areas shown from left to right.
The status of the configuration (for example, "Device configuration loaded successfully.")
The status of the failover unit, either active or standby.
The username of the ASDM user. If you logged in without a username, the username is "admin."
The privilege of the ASDM user.
Commands Ignored by ASDM
Click the icon to show a list of commands from your configuration that ASDM did not process. These commands will not be removed from the configuration.
The syslog connection is up, and the adaptive security appliance is being monitored.
The connection to ASDM is secure because it uses SSL.
The time that is set on the adaptive security appliance.
Connection to Device
ASDM maintains a constant connection to the adaptive security appliance to maintain up-to-date Monitoring and Home pane data. This dialog box shows the status of the connection. When you make a configuration change, ASDM opens a second connection for the duration of the configuration, and then closes it; however, this dialog box does not represent the second connection.
The device list is a dockable pane. You can click one of the three buttons in the header to maximize or restore this pane, make it a floating pane that you can move, hide it, or close it. This pane is available in the Home, Configuration, Monitoring, and System views. You can use this pane to switch to another device; however, that device must run the same version of ASDM that you are currently running. To display the pane fully, you must have at least two devices listed. This feature is available in routed and transparent modes, and in the single, multiple, and system contexts.
To use this pane to connect to another device, perform the following steps:
Click Add to add another device to the list.
The Add Device dialog box appears.
In the Device/IP Address/Name field, type the device name or IP address of the device, and then click OK .
Click Delete to remove a selected device from the list.
Click Connect to connect to another device.
The Enter Network Password dialog box appears.
Type your username and password in the applicable fields, and then click Login.
Device Environment Status
Many ASDM panes include buttons that are listed in the following table. Click the applicable button to complete the desired task:
Sends changes made in ASDM to the adaptive security appliance and applies them to the running configuration.
Writes a copy of the running configuration to flash memory.
Discards changes and reverts to the information displayed before changes were made or the last time that you clicked Refresh or Apply. After you click Reset , click Refresh to make sure that information from the current running configuration appears.
Clears the selected settings and returns to the default settings.
Discards changes and returns to the previous pane.
Displays read-only statistics for a feature.
Closes an open dialog box.
Remove information from a field, or remove a check from a check box.
Returns to the previous pane.
Goes to the next pane.
Displays help for the selected pane or dialog box.
You can use the keyboard to navigate the ASDM user interface.
By default, labels and descriptions are not included in tab order when you press the Tab key to navigate a pane. Some screen readers, such as JAWS, only read screen objects that have the focus. You can include the labels and descriptions in the tab order by enabling extended screen reader support.
To enable extended screen reader support, perform the following steps:
In the main ASDM application window, choose Tools > Preferences .
The Preferences dialog box appears.
On the General tab, check the Enable screen reader support check box.
Click OK .
Restart ASDM to activate screen reader support.
Some folders in the navigation pane for the configuration and monitoring views do not have associated configuration or monitoring panes. These folders are used to organize related configuration and monitoring tasks. Clicking these folders displays a list of sub-items in the right Navigation pane. You can click the name of a sub-item to go to that item.
To obtain the information that you need, click the applicable button listed in the following table.
Displays information about ASDM, including the hostname, version number, device type, adaptive security appliance software version number, privilege level, username, and operating system being used.
Searches for information among online help topics.
Describes the most efficient methods for using online help.
Lists terms found in ASDM and adaptive security appliances.
Displays a table of contents.
Lists help files by screen name.
Displays an index of help topics found in ASDM online help.
When you open help and a help page is already open, the new help page will appear in the same browser window. If no help page is open, then the help page will appear in a new browser window.
When you open help and Netscape Communicator is the default browser, the help page will appear in a new browser window. If Internet Explorer is the default browser, the help page may appear either in the last-visited browser window or in a new browser window, according to your browser settings. You can control this behavior in Internet Explorer by choosing Tools > Internet Options > Advanced > Reuse windows for launching shortcuts .
Home Pane (Single Mode and Context)
The ASDM Home pane lets you view important information about your adaptive security appliance. Status information in the home pane is updated every ten seconds. This pane usually has two tabs: Device Dashboard and Firewall Dashboard.
If you have a CSC SSM installed in your adaptive security appliance, the Content Security tab also appears in the Home pane. The additional tab displays status information about the CSC SSM software.
If you have IPS software installed in your adaptive security appliance, the Intrusion Prevention tab also appears in the Home pane. The additional tab displays status information about the IPS software.
The Device Dashboard tab lets you view, at a glance, important information about your adaptive security appliance, such as the status of your interfaces, the version you are running, licensing information, and performance.
This tab shows basic information about the adaptive security appliance, including the hostname, software version, and RAM.
If you do not have enough memory to upgrade to the most current release of the adaptive security appliance, the Memory Insufficient Warning dialog box appears. Follow the directions that appear in this dialog box to continue using the adaptive security appliance and ASDM in a supported manner. Click OK to close this dialog box.
This tab shows a subset of licensed features. To view detailed license information, or to enter a new activation key, click More Licenses ; the Configuration > Device Management > Licensing > Activation Key pane appears. See
Interface Status Pane
This pane shows the status of each interface. If you select an interface row, the input and output throughput in Kbps displays below the table.
VPN Sessions Pane
This pane shows the VPN tunnel status. Click Details to go to the Monitoring > VPN > VPN Statistics > Sessions pane.
Failover Status Pane
This pane shows the failover status.
Click Configure to start the High Availability and Scalability Wizard. After you have completed the wizard, the failover configuration status (either Active/Active or Active/Standby) appears.
If failover is configured, click Details to open the Monitoring > Properties > Failover > Status pane.
System Resources Status Pane
This pane shows CPU and memory usage statistics.
Traffic Status Pane
This pane shows graphs for connections per second for all interfaces and for the traffic throughput of the lowest security interface.
When your configuration contains multiple lowest security level interfaces, and any one of them is named "outside," then that interface is used for the traffic throughput graphs. Otherwise, ASDM picks the first interface from the alphabetical list of lowest security level interfaces.
Latest ASDM Syslog Messages Pane
This pane shows the most recent system messages generated by the adaptive security appliance, up to a maximum of 100 messages. If logging is disabled, click Enable Logging to enable logging.
Expands the pane. To return the pane to the default size, click the double-square icon.
Makes a floating pane. To dock the pane, click the docked pane icon.
Enables or disables Auto-hide. When Auto-hide is enabled, move your cursor over the Latest ASDM Syslog Messages button in the left, bottom corner and the pane displays. Move your cursor away from the pane, and it disappears.
Closes the pane. To show the pane, choose View Latest ASDM Syslog Messages.
To continue updating the display of syslog messages, click the green icon on the right-hand side.
To stop updating the display of syslog messages, click the red icon on the right-hand side.
To open the Logging Filters pane, click the filters icon on the right-hand side.
To clear the current messages, right-click an event and click Clear Content .
To save the current messages to a file on your PC, right-click an event and click Save Content .
To copy the current content, right-click an event and click Copy .
To change the background and foreground colors of syslog messages according to their severity, right-click an event and click Color Settings .
Firewall Dashboard Tab
The Firewall Dashboard tab lets you view important information about the traffic passing through your adaptive security appliance. This dashboard differs depending on whether you are in single context mode or multiple context mode. In multiple context mode, the Firewall Dashboard is viewable within each context.
Enabled by default. If you disable basic threat detection (see the ), then this area includes an Enable button that lets you enable basic threat detection. The runtime statistics include the following information, which is display-only :
The number of connections and NAT translations.
The rate of dropped packets per second caused by access list denials and application inspections.
The rate of dropped packets per second that are identified as part of a scanning attack, or that are incomplete sessions detected, such as TCP SYN attack detected or no data UDP session attack detected.
Top 10 Access Rules Pane
Enabled by default. If you disable threat detection statistics for access rules (see the ), then this area includes an Enable button that lets you enable statistics for access rules.
In the Table view, you can select a rule in the list and right-click the rule to display a popup menu item, Show Rule . Choose this item to go to the Access Rules table and select that rule in this table.
Top Usage Status Pane
Disabled by default. This area includes Enable buttons that let you enable the features, or you can enable them according to the . The Top 10 Services Enable button enables statistics for both ports and protocols (both must be enabled for the display). The Top 10 Sources and Top 10 Destinations Enable buttons enable statistics for hosts. The top usage status statistics for hosts (sources and destinations), and ports and protocols are displayed.
Enabling statistics can affect the adaptive security appliance performance, depending on the type of statistics enabled. Enabling statistics for hosts affects performance in a significant way; if you have a high traffic load, you might consider enabling this type of statistics temporarily. Enabling statistics for ports, however, has a modest effect.
Top Ten Protected Servers Under SYN Attack Pane
Disabled by default. This area includes an Enable button that lets you enable the feature, or you can enable it according to the . Statistics for the top ten protected servers under attack are displayed.
For the average rate of attack, the adaptive security appliance samples the data every 30 seconds over the rate interval (by default 30 minutes).
If there is more than one attacker, then "<various>" displays, followed by the last attacker IP address.
Click Detail to view statistics for all servers (up to 1000) instead of just 10 servers. You can also view history sampling data. The adaptive security appliance samples the number of attacks 60 times during the rate interval, so for the default 30-minute period, statistics are collected every 60 seconds.
Top 200 Hosts Pane
Disabled by default. Shows the top 200 hosts connected through the adaptive security appliance. Each entry of a host contains the IP address of the host and the number of connections initiated by the host, and is updated every 120 seconds. To enable this display, enter the hpm topnenable command.
Top Botnet Traffic Filter Hits Pane
Disabled by default. This area includes links to configure the Botnet Traffic Filter. Reports of the top ten botnet sites, ports, and infected hosts provide a snapshot of the data, and may not match the top ten items since statistics started to be collected. If you right-click an IP address, you can invoke the whois tool to learn more about the botnet site.
For more information, see .
Content Security Tab
The Content Security tab lets you view important information about the Content Security and Control (CSC) SSM. This pane appears only if CSC software running on the CSC SSM is installed in the adaptive security appliance.
For an introduction to the CSC SSM, see the .
If you have not completed the CSC Setup Wizard by choosing Configuration > Trend Micro Content Security > CSC Setup , you cannot access the panes under Home > Content Security. Instead, a dialog box appears and lets you access the CSC Setup Wizard directly from this location.
Threat Summary pane. Shows aggregated data about threats detected by the CSC SSM, including the following threat types: Virus, Spyware, URL Filtered or Blocked, Spam. Blocked, Files Blocked, and Damage Control Services.
System Resources Status pane.
Email Scan pane. The graphs display data in ten-second intervals.
Latest CSC Security Events pane.
Intrusion Prevention Tab
The Intrusion Prevention tab lets you view important information about IPS. This tab appears only when you have IPS software running on the AIP SSM that is installed on the adaptive security appliance.
To connect to the IPS software on the AIP SSM, perform the following steps:
In the main ASDM application window, click the Intrusion Prevention tab.
In the Connecting to IPS dialog box, choose one of the following options:
Management IP Address, which connects to the IP address of the management port on the SSM.
Other IP Address or Hostname, which connects to an alternate IP address or hostname on the SSM.
Enter the port number in the Port field, and then click Continue .
In the Enter Network Password dialog box, type your username and password in the applicable fields, and then click Login .
For more information about intrusion prevention, see .
The ASDM System Home pane lets you view important status information about your adaptive security appliance. Many of the details available in the ASDM System Home pane are available elsewhere in ASDM, but this pane shows at-a-glance how your adaptive security appliance is running. Status information in the System Home pane is updated every ten seconds.