How to install Cisco PIX ASDM

Installing ASDM is normally a painless process; however, many of us buy equipment from failed ISPs, Hosting providers, or equipment that has been refurbished. It's cheaper; however, the lack of documentation and support is a big pain. With that said, this article covers some of the ASDM issues and workarounds as well as the actual installation of ASDM.

I am basing this article on PIX software version 7.0(2) and ASDM 5.0. You will likely need to upgrade your PIX to 7.0 before installing ASDM. Previous versions of the PIX software worked with Cisco's PDM such as PIX 6.2, & 6.3(4). Please note that if you are currently using a PIX 515 or 515e appliance you will need a memory upgrade to install PIX 7.0. You can issue the show version command from the CLI to check the software version and model of your PIX.

The PIX 515/515e series total memory should be 32MB. You will need 64MB for PIX 7.0 & ASDM. For reference, the Cisco part number for this upgrade, at the time of this writing, is PIX-515-MEM-32=.

Please refer to Cisco's documentation to upgrade the PIX. Downgrading the PIX after the installation of 7.0 is supported. You can downgrade back to 6.x; however, you will need to remove ASDM if this happens. ASDM is not supported on Cisco PIX 6.x software.

Please note also that upgrading a PIX appliance in a failover set from 6.x to 7.x is a major upgrade and cannot be done without downtime. Upgrading to 7.x in a failover set is documented by Cisco, and this documentation can be found on Cisco's Website.

After the upgrade to 7.x is complete, we can start the process of installing ASDM. Be sure to hav...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Routing and Switching Dynamic IP routing and routing protocols Monitor your network traffic with MRTG How routers work: An overview for networking pros Secure Cisco routers against IOS flaw attack Network summarization -- Supernetting and wildcard masks Routing: Five common, easily avoided errors Router Expert: Building a WLAN proxy server, implementing ASR Router Expert: Building a WLAN proxy server, implementing WPAD Cisco IOS IP routing: Static routes Router Expert: Building a WLAN proxy server, DHCP services: Part 2 Network Security Best Practices and Products 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices Network Hardware 3Com acquisition confirms HP-Cisco battle for China Juniper to CIOs: Invest in internal cloud computing networks 802.11n wireless APs bring IP video to sprawling Illinois high school 802.11n upgrade: College ditches legacy network for new vendor Network device management overload: Engineers managing too many boxes What is network infrastructure and what is a hybrid network? What preventative maintenance procedures for network devices exist? Can wireless adapters operate as client access points to make SoftAPs? Is there VLAN software recommend for Realtek NICs? IBM data center networking strategy: Battle HP with partnerships Network Hardware Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) dynamic packet filter  (SearchNetworking.com) HELLO packet  (SearchNetworking.com) packet filtering  (SearchNetworking.com) rule base  (SearchNetworking.com) stateful inspection  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

e your ASDM image from Cisco's Website. You can download it on the same page where you normally obtain Cisco's PIX software.

Installing ASDM

Let's get started. Below are the commands we need to issue and the steps to get ASDM going:

1. Login to the PIX and go to enable mode: "pix> enable"
2. Once in enable mode, enter the command "copy tftp flash" You will now be prompted for a few bits of information as listed below:
3. "Address or name of remote host [x.x.x.x]? <tftp_server_ip>" Here you will need to enter the IP address of the TFTP server that holds the ASDM image. Press enter to continue.
4. "Source file name [cdisk]? <filename>" Enter the filename of the ASDM image, for example: asdm502.bin for ASDM version 5.0(2) . Press enter to continue.
5. "Destination file name [asdm502.bin]?" There's really nothing to do here unless you really want to rename the image you are transferring. So press enter here.
6. We need to tell the PIX where ASDM is.so we will issue the following command in config mode. At the CLI type "conf t" or "configure terminal" if you prefer the long way. Once in config mode "pix(config)#" then type "asdm image flash:asdm502.bin" and press enter.
7. Now that we have our PIX knowing where ASDM is, issue the "write mem" or "write memory" command to the PIX. You will see a message that it is building configuration and then it will return to the "pix(config)#". At this point we have asdm installed.

In order to access ASDM we need to do a few things; otherwise, the PIX will deny the traffic and tear down the connection. In order to allow the connection we need to issue the following commands from config mode:

Now you can try and connect to ASDM using https://x.x.x.x/admin, where x.x.x.x is the IP address of the inside interface on the PIX.

Please note that ASDM can be accessed from the outside interface as well. You need to make sure that when you add the "http x.x.x.x z.z.z.z <interface>" command that you specify the interface as outside and that it is being accessed from a secure computer. This is not recommended, however, due to the power of ASDM; putting it on a publicly accessible network isn't the best idea.

ASDM should be complete and working. Log in with your PIX enable password and it's off to the races -- unless you have a problem. In the second half of this tip, we'll look at troubleshooting ASDM. I'll also provide sample output for your reference.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.