Prepare for ASDM

The PIX Security Appliance must be configured with the following information before the administrator can use ASDM. The administrator can either pre-configure a new PIX through the interactive prompts, which appear after the PIX boots, or the administrator can enter the commands shown below each information item.

  • Enable Password – Enter an alphanumeric password to protect the privileged mode of the PIX Security Appliance. This password must be used to log in to ASDM. The command syntax for enabling a password is as follows:

    enable password password [encrypted]

  • Time – Set the PIX Security Appliance clock to Coordinated Universal Time (UTC). Enter the UTC time in 24-hour format as hour:minutes:seconds. The command syntax for setting the clock is as follows:

    clock set hh:mm:ss day month year

  • Inside IP address – Specify the IP address of the inside interface of the PIX Security Appliance. The command syntax for setting an inside IP address is as follows:

    ip address ip_address [netmask]

  • Hostname – Specify up to 16 characters as a name for the PIX Security Appliance. The command syntax for setting a hostname is as follows:

    hostname newname

  • Domain name – Specify the domain name for the PIX Security Appliance. The command syntax for setting the domain name is as follows:

    domain-name name

  • IP address of the host running ASDM – Specify the IP address of the workstation that will access ASDM from its browser. The command syntax for granting permission for a host to connect to the PIX Security Appliance with SSL is as follows:

    http ip_address [netmask] [if_name]

  • HTTP Server – Enable the HTTP server on the PIX Security Appliance with the http server enable command.
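
The following check is an added example, not part of the original course material. It scans a saved configuration for the prerequisites listed above and flags http entries that permit more than the single ASDM workstation. The sample configuration, the function name check_asdm_prereqs and the PIX 7.x interface layout are assumptions.

```python
import ipaddress
import re

# Constructed sample in PIX 7.x layout; every value is illustrative.
SAMPLE_CONFIG = """\
hostname pix1
domain-name example.com
enable password PLACEHOLDERHASH encrypted
interface Ethernet1
 nameif inside
 ip address 10.0.1.1 255.255.255.0
http server enable
http 10.0.1.11 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
"""

# One pattern per prerequisite from the list above. The clock is not
# checked here; confirm it on the appliance with "show clock".
REQUIRED = {
    "enable password": r"^enable password \S+",
    "hostname": r"^hostname \S+",
    "domain name": r"^domain-name \S+",
    # Assumes nameif precedes ip address inside the interface block.
    "inside IP address": (r"^interface \S+\n(?:[ \t]+.*\n)*?[ \t]+nameif inside\n"
                          r"(?:[ \t]+.*\n)*?[ \t]+ip address \d"),
    "HTTP server": r"^http server enable\s*$",
}
HTTP_HOST = re.compile(r"^http (\d\S*)(?: (\d\S*))?(?: (\S+))?\s*$", re.MULTILINE)


def check_asdm_prereqs(config):
    """Return (missing, warnings) for the ASDM prerequisites in a config dump."""
    missing = [name for name, pat in REQUIRED.items()
               if not re.search(pat, config, re.MULTILINE)]
    warnings = []
    hosts = HTTP_HOST.findall(config)
    if not hosts:
        missing.append("ASDM host")
    for addr, mask, ifname in hosts:
        # Assumption: an omitted netmask means a single host.
        net = ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)
        if net.num_addresses > 1:
            warnings.append(f"http {net}: permits more than one host")
        if ifname and ifname != "inside":
            warnings.append(f"http {net}: permitted on interface {ifname}")
    return missing, warnings


if __name__ == "__main__":
    print(check_asdm_prereqs(SAMPLE_CONFIG))
```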

ASDM does not support certain commands in a configuration. If these commands are present, ASDM ignores them when it encounters them and displays them in the list of unparsed commands, which is viewable under Options > View Unparsed Commands. ASDM does not change or remove these commands from the configuration.

Setup Dialog
A defaulted PIX Security Appliance starts in an interactive setup dialog to enable the administrator to perform the initial configuration required to use ASDM. The administrator can also access the setup dialog by entering setup at the configuration mode prompt.

The dialog asks for several responses, including the inside IP address, network mask, hostname, domain name and ASDM host. The hostname and domain name are used to generate the default certificate for the SSL connection.

The example in Figure shows how to respond to the setup command prompts. Pressing the Enter key instead of entering a value at the prompt accepts the default value within the brackets. The administrator must fill in any fields that show no default values, and change default values as necessary. After the configuration is written to Flash memory, the PIX Security Appliance is ready to start ASDM.

NOTE:

The clock must be set for ASDM to generate a valid certificate. Set the PIX Security Appliance clock to UTC.

Lab Activity

Lab Exercise: Configuring the PIX Security Appliance with ASDM

In this lab, students will learn to configure basic settings using ASDM. Students will configure outbound access with NAT. Students will test connectivity through the PIX Security Appliance. Students will also configure banners, as well as Telnet and SSH for remote access.