ASDM Book 1: Cisco ASA Series General Operations ASDM Configuration Guide, 7.2

Starting Point or Welcome

• To change the existing configuration, click the Modify existing configuration radio button.
• To set the configuration to the factory default values, click the Reset configuration to factory defaults radio button.

– To configure the IP address and subnet mask of the Management 0/0 (ASA 5512-X and higher) or VLAN 1 (ASA 5505) interface to be different from the default value (192.168.1.1), check the Configure the IP address of the management interface check box.

Note If you reset the configuration to factory defaults, you cannot undo these changes by clicking Cancel or by closing this screen.

In multiple context mode, this screen does not contain any parameters.

Basic Configuration

• (ASA 5505) To specify a group of configuration settings for a remote worker, check the Configure the device for Teleworker usage check box. See Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode) for more information.
• For information about the hostname, domain name, and enable password, see Configuring the Hostname, Domain Name, and Passwords.

Interface Screens

The interface screens depend on the mode and model. This section includes the following topics:

• Interface Selection (ASA 5505)
• Switch Port Allocation (ASA 5505)
• Interface IP Address Configuration (ASA 5505, Routed Mode)
• Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)
• Outside Interface Configuration - PPPoE (ASA 5512-X and Higher, Routed Mode, Single Mode)
• Management IP Address Configuration (Transparent Mode)
• Other Interfaces Configuration (ASA 5512-X and Higher)

Interface Selection (ASA 5505)

This screen lets you group the eight, Fast Ethernet switch ports on the ASA 5505 into three VLANs. These VLANs function as separate, Layer 3 networks. You can then choose or create the VLANs that define your network—one for each interface: Outside, Inside, or DMZ (DMZ is available in routed mode only). A DMZ is a separate network located in the neutral zone between a private (inside) network and a public (outside) network.

See Configuring VLAN Interfaces for more information.

Switch Port Allocation (ASA 5505)

This screen lets you allocate switch ports to Outside, Inside, or DMZ interfaces (DMZ is only available in routed mode). By default, all switch ports are assigned to VLAN 1 (Inside).

See Configuring VLAN Interfaces for more information.

Interface IP Address Configuration (ASA 5505, Routed Mode)

Configure the IP address of each VLAN interface. See Configuring General Interface Parameters for more information..

Interface Configuration - PPPoE (ASA 5505, Routed Mode, Single Mode)

Configure the PPoE settings for each interface. See PPPoE IP Address and Route Settings for more information.

Outside Interface Configuration (ASA 5512-X and Higher, Routed Mode)

• Configure the IP address of the outside interface (the interface with the lowest security level). See Configuring General Interface Parameters for more information..
• To configure the IPv6 address, see Configuring IPv6 Addressing.

Outside Interface Configuration - PPPoE (ASA 5512-X and Higher, Routed Mode, Single Mode)

Configure the PPoE settings for the outside interface. See PPPoE IP Address and Route Settings for more information.

Management IP Address Configuration (Transparent Mode)

For IPv4, a management IP address is required for each bridge group for both management traffic and for traffic to pass through the ASA. This screen sets the IP address for BVI 1.

See Configuring Bridge Groups for more information.

Other Interfaces Configuration (ASA 5512-X and Higher)

• You can configure parameters for other interfaces. See Configuring General Interface Parameters for more information.
• See Allowing Same Security Level Communication for information about the Enable traffic between... check boxes.

Static Routes

Configure static routes. See “Static and Default Routes,” for more information.

Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.

Easy VPN Remote Configuration (ASA 5505, Single Mode, Routed Mode)

The ASA can act as an Easy VPN remote device to enable deployment of VPNs to remote locations. See the VPN configuration guide.

Note To access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration and unchecked the Enable Auto Update check box in Auto Update Server (Single Mode).

DHCP Server

Configure the DHCP server. See Configuring the DHCP Server for more information.

Address Translation (NAT/PAT)

Configures NAT or PAT for inside addresses (the interface with the highest security level) when accessing the outside (the interface with the lowest security level). See the firewall configuration guide for more information.

Administrative Access

• Configures ASDM, Telnet, or SSH access. See Configuring Management Access for more information.
• To enable a secure connection to an HTTP server to access ASDM, check the Enable HTTP server for HTTPS/ASDM access check box. See Configuring Management Access for more information.
• To allow ASDM to collect and display statistics, check the Enable ASDM history metrics check box. See Enabling History Metrics for more information.

IPS Basic Configuration

In single context mode, you can use the Startup Wizard in ASDM to configure basic IPS network configuration. These settings are saved to the IPS configuration, not the ASA configuration. See the firewall configuration guide.

ASA CX Basic Configuration (ASA 5585-X)

You can use the Startup Wizard in ASDM to configure the ASA CX management address and Auth Proxy Port. These settings are saved to the ASA CX configuration, not the ASA configuration. Note : You will also need to set additional network settings at the ASA CX CLI. See the firewall configuration guide for information about this screen.

ASA FirePOWER Basic Configuration

You can use the Startup Wizard in ASDM to configure the ASA FirePOWER management address information and accept the end user license agreement (EULA). These settings are saved to the ASA FirePOWER configuration, not the ASA configuration. You will also need to configure some settings in the ASA FirePOWER CLI. For more information, see the chapter on the ASA FirePOWER module in the firewall configuration guide.

Time Zone and Clock Configuration

Configure the clock parameters. See Setting the Date and Time for more information.

Auto Update Server (Single Mode)

• Configure an auto update server by checking the Enable Auto Update Server for ASA check box. See Configuring Auto Update for more information.
• If you have an IPS module, you can check the Enable Signature and Engine Updates from Cisco.com check box. Set the following additional parameters:

– Enter your Cisco.com username and password, and then confirm the password.

– Enter the start time in hh:mm:ss format, using a 24-hour clock.

Note For the ASA 5505, to access this screen, you must have checked the Configure the device for Teleworker usage check box in Basic Configuration.

Startup Wizard Summary

This screen summarizes all of the configuration settings that you have made for the ASA.

• To change any of the settings in previous screens, click Back.
• Choose one of the following:

– If you ran the Startup Wizard directly from a browser, when you click Finish, the configuration settings that you created through the wizard are sent to the ASA and saved in flash memory automatically.

– If you ran the Startup Wizard from within ASDM, you must explicitly save the configuration in flash memory by choosing File > Save Running Configuration to Flash.