I'm using a Cisco ASA 5510.
Consoled in to it, I would like to start from zero, so I'll reset it to the default settings.
vpn-lab# conf t
vpn-lab(config)# conf factory-default
Based on the management IP address and mask, the DHCP address
pool size is reduced to 253 from the platform limit 256
......
ciscoasa(config)#wri mem
ciscoasa(config)#reload
This will reset it to the factory-default settings; remember to save to the startup config and reload.
In the meantime, go to cisco.com to download the latest ASA and ASDM software.
Here I downloaded ASA version 8.2(3). Make sure to download a compatible ASDM version (you can read this from the description), and save both files to your TFTP server's folder.
Let's upgrade it now. I have a TFTP server at address 172.16.1.1.
ciscoasa# copy tftp flash
Address or name of remote host []? 10.239.131.3
Source filename []? asa823-k8.bin
Destination filename [asa823-k8.bin]?
do the same for ASDM
ciscoasa# copy tftp disk0:
Address or name of remote host [10.239.131.3]?
Source filename [asa823-k8.bin] asdm-634.bin
Destination filename [asa823-k8.bin]?
Now both files should be ready inside your ASA, so deploy them:
ciscoasa(config)# boot system disk0:/asa823-k8.bin
ciscoasa(config)# asdm image disk0:/asdm-634.bin
ciscoasa(config)# wri mem
ciscoasa(config)# reload
To confirm everything is OK:
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(3)6
Device Manager Version 6.0(2)
Compiled on Thu 17-Jan-08 17:42 by builders
System image file is "disk0:/asa803-6-k8.bin"
Config file at boot was "startup-config"
...
to access ASDM, configure the management interface
ciscoasa# sh int ip br
...
Management0/0 192.168.1.1 YES CONFIG up up
...
check the interface IP address
ciscoasa# sh run interface management 0/0
!
interface Management0/0
..
ip address 192.168.1.1 255.255.255.0
management-only
Make sure DHCP is enabled on the interface, so you just need to plug an RJ-45 cable from your host into the ASA management interface without having to set anything.
ciscoasa# sh run | i dhcpd
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
If those lines are not there, just apply those two lines. Now open your browser, type https://192.168.1.1, then run your ASDM.
What if you want to access it from your network? OK, for example your subnet is 172.16.1.0/24 and the gateway is 172.16.1.99.
First set a route on the management interface:
ciscoasa(config)# route management 0.0.0.0 0.0.0.0 172.16.1.99
And set the IP for your interface:
ciscoasa(config)# int management 0/0
ciscoasa(config-if)# ip address 172.16.1.5 255.255.255.0
The last thing to do is to define the range of IP addresses allowed to access the ASA using HTTPS/ASDM.
In this lab I allow any IP address:
ciscoasa(config-if)# http 0.0.0.0 0.0.0.0 management
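An added example, not part of the original post: a small Python check that reads a saved running-config and reports management-access lines like the `http 0.0.0.0 0.0.0.0 management` one above, so the lab setting is caught before the box leaves the lab. It goes beyond the post by applying the same test to `ssh` and `telnet` lines, which use the same `<ip> <mask> <interface>` syntax; the sample config and the /24 threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the management lines from the lab above, plus
# hypothetical ssh/telnet lines to show the same check on those services.
SAMPLE_CONFIG = """\
interface Management0/0
 ip address 172.16.1.5 255.255.255.0
 management-only
route management 0.0.0.0 0.0.0.0 172.16.1.99
http server enable
http 0.0.0.0 0.0.0.0 management
ssh 172.16.1.0 255.255.255.0 management
telnet 10.0.0.0 255.0.0.0 management
"""

# ASA syntax: <service> <source-ip> <netmask> <interface-name>
RULE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_mgmt_access(config, min_prefix=24):
    """Return (line, reason) for each management-access rule that is too broad.

    min_prefix is a policy choice for this example, not an ASA setting.
    """
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # "http server enable", interface and route lines, etc.
        service, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable address or mask"))
            continue
        if net.prefixlen == 0:
            findings.append((line, f"{service} open to any source on {ifname}"))
        elif net.prefixlen < min_prefix:
            findings.append((line, f"{service} source {net} wider than /{min_prefix}"))
    return findings


if __name__ == "__main__":
    for line, reason in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"{line:45} <- {reason}")
```

For the subnet used in this lab, a line such as `http 172.16.1.0 255.255.255.0 management` passes the check.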
You're such a Champ! I have spent SO much time trying to figure out how to access this damn management interface after resetting everything to factory default and just the one line "route management ..." solved everything. Cheers mate!