
c) Save the installer to your computer, and then start the installer. The ASDM-IDM Launcher opens automatically after installation is complete.
d) Enter the management IP address, the same username and password (blank for a new installation), and then click OK.

Step 3 To use Java Web Start:

a) Click Run ASDM or Run Startup Wizard.

b) Save the shortcut to your computer when prompted. You can optionally open it instead of saving it.
c) Start Java Web Start from the shortcut.
d) Accept any certificates according to the dialog boxes that appear. The Cisco ASDM-IDM Launcher appears.
e) Leave the username and password fields empty (for a new installation), and click OK. With no HTTPS authentication configured, you can gain access to ASDM with no username and the enable password, which is blank by default.

Note: If you enabled HTTPS authentication, enter your username and associated password. Even without authentication, if you enter a username and password at the login screen (instead of leaving the username blank), ASDM checks the local database for a match.
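
An added example (not from the Cisco guide): a small audit of saved running-configuration text for the condition described above, where ASDM is reachable over HTTPS with no HTTPS authentication configured. The sample configuration is constructed, the function name and finding labels are assumptions, and `aaa authentication http console` is the ASA command assumed here to be what enables HTTPS authentication.

```python
import ipaddress
import re

# Constructed sample in the style of running-config output (not from a real device).
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
http server enable
http 0.0.0.0 0.0.0.0 management
http 192.168.1.0 255.255.255.0 management
"""

HTTP_ALLOW = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_asdm_access(config_text):
    """Return a list of findings about ASDM (HTTPS) management access."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []
    if not any(re.match(r"http server enable\b", ln) for ln in lines):
        return findings  # HTTPS server is off, so ASDM cannot connect at all
    # Without HTTPS authentication, ASDM accepts a blank username plus the
    # enable password, which is blank on a new installation.
    if not any(ln.startswith("aaa authentication http console ") for ln in lines):
        findings.append("no-http-authentication")
    for ln in lines:
        m = HTTP_ALLOW.match(ln)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if net.prefixlen == 0:  # "http 0.0.0.0 0.0.0.0 <ifc>" allows any source
            findings.append(f"any-source-http-access:{m.group(3)}")
    return findings


if __name__ == "__main__":
    for finding in audit_asdm_access(SAMPLE_CONFIG):
        print(finding)
```
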

Factory Default Configurations

The factory default configuration is the configuration applied by Cisco to new ASAs.

ASA appliances: The factory default configuration configures an interface for management so that you can connect to it using ASDM, with which you can then complete your configuration.

ASA on the Firepower 9300 chassis: When you deploy the standalone or cluster of ASAs, the factory default configuration configures an interface for management so that you can connect to it using ASDM, with which you can then complete your configuration.

ASAv: Depending on your hypervisor, as part of deployment, the deployment configuration (the initial virtual deployment settings) configures an interface for management so that you can connect to it using ASDM, with which you can then complete your configuration. You can also configure failover IP addresses. You can also apply a factory default configuration if desired.

ASASM: No default configuration. See Access the ASA Services Module Console, on page 4 to start configuration.

For appliances and the ASA on the Firepower 9300 chassis, the factory default configuration is available only
for routed firewall mode and single context mode. For the ASAv, you can choose transparent or routed mode
at deployment.

Note: In addition to the image files and the (hidden) default configuration, the following folders and files are standard in flash memory: log/, crypto_archive/, and coredumpinfo/coredump.cfg. The date on these files may not match the date of the image files in flash memory. These files aid in potential troubleshooting; they do not indicate that a failure has occurred.

CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5, Getting Started: Factory Default Configurations, page 16
