The PIX Security Appliance must be configured with the following information
before the administrator can use ASDM. The administrator can either
pre-configure a new PIX through the interactive prompts, which appear after the
PIX boots, or the administrator can enter the commands shown below each
information item.
Enable Password – Enter an alphanumeric password to protect the privileged
mode of the PIX Security Appliance. This password must be used to log in to
ASDM. The command syntax for enabling a password is as follows:
enable password password [encrypted]
Time – Set the PIX Security Appliance clock to Universal Coordinated Time
(UTC). Enter the UTC time in 24-hour time as hour:minutes:seconds. The command
syntax for setting the clock is as follows:
clock set hh:mm:ss day month year
Inside IP address – Specify the IP address of the inside interface of the
PIX Security Appliance. The command syntax for setting an inside IP address is
as follows:
ip address ip_address [netmask]
Hostname – Specify up to 16 characters as a name for the PIX Security
Appliance. The command syntax for setting a hostname is as follows:
hostname newname
Domain name – Specify the domain name for the PIX Security Appliance. The
command syntax for setting the domain name is as follows:
domain-name name
IP address of the host running ASDM – Specify the IP address of the
workstation that will access ASDM from its browser. The command syntax for
granting permission for a host to connect to the PIX Security Appliance with
SSL is as follows:
http ip_address [netmask] [if_name]
HTTP Server – Enable the HTTP server on the PIX Security Appliance with the
http server enable command.
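The following check is an added example, not part of the original course text: it scans a saved configuration for the items listed above and reports any http entry that admits more than the single ASDM workstation. The sample configuration, the hash placeholder and the function name audit_asdm_prereqs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running configuration (not taken from the original page).
SAMPLE_CONFIG = """\
hostname pixfirewall-branch-01
domain-name example.com
enable password PLACEHOLDERHASH encrypted
interface Ethernet1
 nameif inside
 ip address 10.0.1.1 255.255.255.0
http server enable
http 10.0.1.11 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# One pattern per listed item that leaves a line in the configuration.
# "clock set" changes the running clock only, so the time is not checked here.
REQUIRED = {
    "enable password": r"^enable password \S+",
    "interface IP address": rf"^\s*ip address {IPV4}",
    "hostname": r"^hostname \S+",
    "domain name": r"^domain-name \S+",
    "ASDM host": rf"^http {IPV4}",
    "HTTP server": r"^http server enable[ \t]*$",
}

def audit_asdm_prereqs(config_text):
    """Return a list of findings for the ASDM prerequisites in config_text."""
    findings = []
    for item, pattern in REQUIRED.items():
        if not re.search(pattern, config_text, re.MULTILINE):
            findings.append(f"missing: {item}")
    name = re.search(r"^hostname (\S+)", config_text, re.MULTILINE)
    if name and len(name.group(1)) > 16:
        findings.append(f"hostname longer than 16 characters: {name.group(1)}")
    # The page describes the http entry as the one workstation that runs ASDM,
    # so report any entry whose netmask covers more than a single address.
    entry = rf"^http ({IPV4}) ({IPV4})(?: (\S+))?[ \t]*$"
    for addr, mask, if_name in re.findall(entry, config_text, re.MULTILINE):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net.num_addresses > 1:
            findings.append(f"http access broader than one host: {addr} {mask} {if_name}".strip())
    return findings

if __name__ == "__main__":
    for finding in audit_asdm_prereqs(SAMPLE_CONFIG):
        print(finding)
```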
There are certain commands that ASDM does not support in a
configuration. If these commands are present in the configuration, ASDM
ignores them when it encounters them. They are displayed in the list of
unparsed commands that is viewable under Options > View Unparsed
Commands. ASDM does not change or remove these commands from the
configuration.
Setup Dialog
A defaulted PIX Security Appliance starts in an interactive setup dialog
to enable the administrator to perform the initial configuration required
to use ASDM. The administrator can also access the setup dialog by entering
setup at the configuration mode prompt.
The dialog asks for several responses, including the inside IP address,
network mask, hostname, domain name and ASDM host. The hostname and domain
name are used to generate the default certificate for the SSL connection.
The example in Figure shows how to respond to the setup command prompts.
Pressing the Enter key instead of entering a value at the prompt accepts the
default value within the brackets. The administrator must fill in any fields
that show no default values, and change default values as necessary. After the
configuration is written to Flash memory, the PIX Security Appliance is ready
to start ASDM.
NOTE:
The clock must be set for ASDM to generate a valid certificate. Set
the PIX Security Appliance clock to UTC.
Lab Exercise: Configuring the PIX Security Appliance with ASDM
In this lab, students will learn to configure basic settings using ASDM.
Students will configure outbound access with NAT. Students will test
connectivity through the PIX Security Appliance. Students will also configure
banners, as well as Telnet and SSH for remote access.