Configure the ASA Virtual

The ASA virtual deployment preconfigures ASDM access. From the client IP address you specified during deployment, you can connect to the ASA virtual management IP address with a web browser. This chapter also describes how to allow other clients to access ASDM and also how to allow CLI access (SSH or Telnet). Other essential configuration tasks covered in this chapter include the license installation and common configuration tasks provided by wizards in ASDM.

Start ASDM

Procedure

Step 1

On the PC that you specified as the ASDM client, enter the following URL:

https://asa_ip_address/admin

The ASDM launch window appears with the following buttons:

  • Install ASDM Launcher and Run ASDM

  • Run ASDM

  • Run Startup Wizard

Step 2

To download the Launcher:

  1. Click Install ASDM Launcher and Run ASDM.

  2. Leave the username and password fields empty (for a new installation), and click OK. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default. If you enabled HTTPS authentication, enter your username and associated password.

  3. Save the installer to your PC, and then start the installer. The ASDM-IDM Launcher opens automatically after installation is complete.

  4. Enter the management IP address, leave the username and password blank (for a new installation), and then click OK. If you enabled HTTPS authentication, enter your username and associated password.

Step 3

To use Java Web Start:

  1. Click Run ASDM or Run Startup Wizard.

  2. Save the shortcut to your computer when prompted. You can optionally open it instead of saving it.

  3. Start Java Web Start from the shortcut.

  4. Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears.

  5. Leave the username and password blank (for a new installation), and then click OK. If you enabled HTTPS authentication, enter your username and associated password.

Perform Initial Configuration Using ASDM

You can perform initial configuration using the following ASDM wizards and procedures.

  • Run the Startup Wizard

  • (Optional) Allow Access to Public Servers Behind the ASA virtual

  • (Optional) Run VPN Wizards

  • (Optional) Run Other Wizards in ASDM

For CLI configuration, see the Cisco Secure Firewall ASA Series CLI configuration guides.

Run the Startup Wizard

Run the Startup Wizard to customize the security policy to suit your deployment.

Procedure

Step 1

Choose Wizards > Startup Wizard.

Step 2

Customize the security policy to suit your deployment. You can set the following:

  • Hostname

  • Domain name

  • Administrative passwords

  • Interfaces

  • IP addresses

  • Static routes

  • DHCP server

  • Network address translation rules

  • and more ...

(Optional) Allow Access to Public Servers Behind the ASA Virtual

The Configuration > Firewall > Public Servers pane automatically configures the security policy to make an inside server accessible from the Internet. As a business owner, you might have internal network services, such as a web and FTP server, that need to be available to an outside user. You can place these services on a separate network behind the ASA virtual, called a demilitarized zone (DMZ). By placing the public servers on the DMZ, any attacks launched against the public servers do not affect your inside networks.

(Optional) Run VPN Wizards

You can configure VPN using the following wizards (Wizards > VPN Wizards):

  • Site-to-Site VPN Wizard—Creates an IPsec site-to-site tunnel between the ASA virtual and another VPN-capable device.

  • AnyConnect VPN Wizard—Configures SSL VPN remote access for the Cisco AnyConnect VPN client. AnyConnect Client provides secure SSL connections to the ASA for remote users with full VPN tunneling to corporate resources. You can configure the ASA policy to download the AnyConnect Client to remote users when they initially connect through a browser. With AnyConnect Client 3.0 and later, the client can run either the SSL or IPsec IKEv2 VPN protocol.

  • Clientless SSL VPN Wizard—Configures clientless SSL VPN remote access for a browser. Clientless, browser-based SSL VPN lets users establish a secure, remote-access VPN tunnel to the ASA using a web browser. After authentication, users access a portal page and can access specific, supported internal resources. The network administrator provides access to resources by users on a group basis. ACLs can be applied to restrict or allow access to specific corporate resources.

  • IPsec (IKEv1 or IKEv2) Remote Access VPN Wizard—Configures IPsec VPN remote access for the Cisco IPsec client.

For information on how to configure an ASA virtual IPsec Virtual Tunnel Interface (VTI) connection to Azure, see Configure ASA IPsec VTI Connection to Azure.

(Optional) Run Other Wizards in ASDM

You can run other wizards in ASDM to configure failover with high availability, VPN cluster load balancing, and packet capture.

  • High Availability and Scalability Wizard—Configure failover or VPN load balancing.

  • Packet Capture Wizard—Configure and run packet capture. The wizard runs one packet capture on each of the ingress and egress interfaces. After capturing packets, you can save the packet captures to your PC for examination and replay in the packet analyzer.