Tag Archives: ASDM

How to setup Cisco ASDM in Demo mode

Today, I’ve encountered some issues during installing Cisco ASDM in Demo mode. In this post I will address this issues and show a step by step instruction on how to successfully setup ASDM for Demo mode.

In my attempts, I started by installing the lattest available versions for ASDM Demo (ASDM Demo 7.3.1) and Java JRE (Java 8 update 91) but finally got an unworkable setup. Every time trying to start demo mode a generic error that state that Demo software is not installed popping up (screen below).

How To setup ASDM demo mode - error mesage

Furthermore, if you go to application folder in Program Files (x86) you will see an empty ASDM\Demo folder, as like Demo mode not even installed.

After several attempts, I haven’t found a better solution than to downgrade my Java JRE (8u91) to the previous major release (lattest update): Java 7 update 72. Also, at least when you start setup process you must have a 32 bit version of Java installed.

To complete a Cisco ASDM setup in Demo mode:

  1. Download the lattest available Cisco ASDM Demo setup file. For this, go to Cisco download page at Products – Security – Firewalls – Firewall Management – Adaptive Security Device Manager – Adaptive Security Appliance (ASA) Device Manager and search through the ASDM versions available the latest one that have the word demo in setup (msi) file title. The release policy for ASDM demo don’t coincide with that for ASDM. At the moment of this writing the lattest available ASDM Demo was: ASDM Demo 7.3.1. For download to succeed you will need a service contract associated with your cisco.com login, otherwise a simple googling will reveal a leaked image somewhere in Internet.
  2. Download the latest available Java JRE 7 release (Java 7 update 72), both for 32 and 64 bit with 32 bit being mandatory (setup files are jre-7u72-windows-i586.exe and respectively jre-7u72-windows-x64.exe). Install both versions, these will function perfect together.
  3. Launch ASDM Demo setup and go through a banal installation wizard. The ASDM Demo 7.3.1 setup will install also the ASDM-IDM Launcher of version 1.5(73) so if you have a newer Launcher already installed it will be overlapped. If you later try to connect with this older Launcher to an updated ASA ASDM you will prompt for Launcher update. To avoid this version swapping back and forward I will recommend to setup DEMO mode somewhere on another PC, perhaps on a Virtual Box/VMware Player VM.

Note0: The steps above was successfully tested in a Windows Server 2012R2 OS Virtual Machine.

Note1: For a guide on how to disable Java Update to proceed automatically you can read here.  Simple unchecking the Automatically Updates from Java Control Panel is not enough you will need edit specific registry key.

If everything succeeded, your ASDM\Demo folder in Program Files (x86) should be full with plenty of files:

How To setup ASDM demo mode - demo folder

Now, we can start using Cisco ASDM in DEMO mode: start ASDM Launcher (icon on your desktop) – check Run in Demo Mode:

How To setup ASDM demo mode - launcher for demo mode

Select the preferred configuration, and click OK, ASDM Demo mode should start. In the above screen note the Device IP Address/Name field automatically filled with a localhost address (not appear on first run).

How To setup ASDM demo mode - asdm demo started

Now, you can start gamming with an imaginary topology with configured ASA devices.

 

How to configure ASA for ASDM access

It this short post I will go through the steps of configuring ASDM access on an ASA device. I will use the ASAv 9.5.2 appliance just configured for GNS3 in previous post.

Copy the ASDM image to ASAv appliance

First, we need to copy a compatible ASDM image to ASAv internal storage. Therefor:

  1. Go to Cisco Download Software portal at Products > Security > Firewalls > Firewall Management > Adaptive Security Device Manager and download a compatible ASDM image for your ASA device. For download to success you will need a service contract associated with your cisco.com profile otherwise try a simple Internet search for a leaked image. Verify compatibility by consulting the Cisco ASA compatibility (link) article. For my ASAv version 9.5.2 an ASDM version 7.5.2.153 will compatible and sufficient.
  1. In GNS3, build a simple topology that will connect ASAv to some external network. To do that, connect one interface from ASAv to a cloud object configured to be linked to one of the host interface – for this purpose I usualy use a simple loopback adapter (for how to install such a one, read this technet article. reboot required). Because the ASA can’t connect directly to a cloud object a transit synthetic switch needs to be added. At this step, your topology should look like this:

How To configure ASA for ASDM access - topology view

Note0: Ethernet0 on ASA as presented by GNS3 correspond to Mangement0/0 intf seen from inside the device.

Note1: For a better look, changed the symbol/hostname used for cloud representation.

  1. On host computer start your favorite TFTP daemon (for this purpose I use tftpd32 from tftpd32.jounin.net. Configure the daemon directory and listening interface, additionally verify you host firewall to allow tftp protocol.

How To configure ASA for ASDM access - tftpd32 config

  1. Start the ASAv device and open the serial console. Configure interface IP settings, verify connectivity and copy the ASDM image to ASAv internal storage:

How To configure ASA for ASDM access - intf. configuration

A copy process should now begin. The progress seems to be less rapid than expected (in my case a top was the 60kbps) which could be because of unlicensed state of ASAv. In essence not a big problem, just wait for 3-5 minute for operation to complete. For confirmation do a dir command:

How To configure ASA for ASDM access - dir flash

Configure ASAv for ASDM access

Now it’s time to configure ASAv for ASDM access. Execute the following commands:

First two lines configure authentication, in this particular case against the local user database, second group of two commands enable HTTPS server and access from 192.168.49.0/24 network via mgmt interface (Management0/0) an the last command tell the firewall to use asdm-752-153.bin image for ASDM access.

Next, switch to your browser and try to open https for management interface https://192.168.49.100. If everything is ok, a security certificate error should appear in your browser, confirm the certificate exception to go forward. You should see a page like this:

How To configure ASA for ASDM access - ASDM welcome page

From this point you have two options: (a) via Java Plugins or (b) through ASDM Launcher. My preference is to use the ASDM Launcher. First install the ASDM Launcher – after click Install ASDM Launcher and successfully authentication a setup file will be made available for download, second start ASDM Launcher (icon on your desktop should be already present).

In ASDM Launcher authentication window, put the ASAv IP address and the authentication credentials.

How To configure ASA for ASDM access - ASDM launcher

Finally, after loading ASAv configuration, ASDM application should start:

How To configure ASA for ASDM access - ASDM view