Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - SECURITY
      - CISCO ADAPTIVE SECURITY DEVICE MANAGER
        GENERAL INFORMATION
        RELEASE NOTES
        Cisco ASDM Release Notes, Version 6.0(2)

Cisco Adaptive Security Device Manager

Cisco ASDM Release Notes, Version 6.0(2)

Downloads

Cisco ASDM Release Notes, Version 6.0(2)

Table Of Contents

Cisco ASDM Release Notes Version 6.0(2)

Introduction

New Platform Features

New Device Manager Features

ASDM Client PC Operating System and Browser Requirements

Memory Errors in Firefox

Supported Platforms and Feature Licenses

ASDM and SSM Compatibility

Upgrading ASDM

Getting Started with ASDM

Before You Begin

Downloading the ASDM Launcher

Starting ASDM from the ASDM Launcher

Using ASDM in Demo Mode

Starting ASDM from a Web Browser

Using the Startup Wizard

Using the VPN Wizard

Printing from ASDM

ASDM Limitations

Unsupported Commands

One-Time Password Not Supported

Effects of Unsupported Commands

Ignored and View-Only Commands

Other CLI Limitations

Interactive User Commands Not Supported in ASDM CLI Tool

Unsupported Characters

Caveats

Open Caveats - Version 6.0(2)

End-User License Agreement

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Cisco ASDM Release Notes Version 6.0(2)

May 2008

This document contains release information for Cisco ASDM Version 6.0(2) on Cisco PIX 500 series and Cisco ASA 5500 adaptive series security appliances Version 8.0(2). It includes the following sections:

•Introduction

•New Platform Features

•New Device Manager Features

•Supported Platforms and Feature Licenses

•ASDM and SSM Compatibility

•Upgrading ASDM

•Getting Started with ASDM

•ASDM Limitations

•Caveats

•End-User License Agreement

•Related Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

Introduction

Cisco Adaptive Security Device Manager (ASDM) delivers world-class security management and monitoring services for Cisco PIX 500 and ASA 5500 adaptive series security appliances through an intuitive, easy-to-use, web-based management interface. Bundled with supported security appliances, the device manager accelerates security appliance deployment with intelligent wizards, robust administration tools, and versatile monitoring services that complement the advanced security and networking features offered by Cisco PIX 500 and ASA 5500 adaptive series security appliance software Version8.0(2). Its secure, web-based design enables anytime, anywhere access to security appliances.

New Platform Features

The PIX 500 and ASA 5500 series security appliances Version 7.1(1) introduce significant enhancements to VPN services and management/monitoring features. ASDM supports these new platform features. In addition, ASDM adds support for the new Content Security and Control SSM in the ASA 5500 series security appliances.

This document contains release information about ASDM only. For detailed information on new platform features, see Cisco ASA 500 Series Release Notes or Cisco PIX Security Appliance Release Notes.

New Device Manager Features

Version 6.0(2) contains the following enhancements:

ASDM Feature Type

Feature

Description

Usability

Redesigned Interface

Reorganizes information to provide greater logical consistency and ease of navigation.

Expanded onscreen help

ASDM describes features and configuration options on screen, which reduces the need to consult other information sources.

Visual policy editor

The visual policy editor lets an administrator configure access control policies and posture checking.

Firewall Dashboard

From the home page, you can now track threats to your network by monitoring traffic that exceeds rate limits, as well as allowed and dropped traffic by host, access list, port, or protocol.

Accessibility Features

Features such as keyboard navigation, alternate text for graphics, and improved screen reader support have been added.

Complex Configuration Support

You can move between panes without applying changes, allowing you to enter multi-pane configurations before applying that configuration to the device.

Device List

ASDM maintains a list of recently accessed devices, allowing you to switch between devices and contexts.

Certificate Management Enhancements

The certificate management GUI is reorganized and simplified.

Wizards

SSL VPN configuration wizard

The new SSL VPN configuration wizard provides step-by-step guidance in configuring basic SSL VPN connections.

Startup Wizard Enhancement

The Startup Wizard now allows you to configure the adaptive security appliance to pass traffic to an installed CSC SSM.

ASDM Assistant Enhancements`

An assistant for configuring Secure Voice was added.

Packet Capture Wizard

The Packet Capture Wizard assists you in obtaining and downloading sniffer trace in PCAP format.

Service Policy Rule Wizard

Updated to support IPS Virtualization.

ASDM Client PC Operating System and Browser Requirements

Table 1 lists the supported and recommended PC operating systems and browsers for ASDM Version 6.0(2).

Table 1 Operating System and Browser Requirements

Operating System

Version

Browser

Other Requirements

Microsoft Windows¹

Windows Vista

Windows 2003 Server

Windows XP

Windows 2000 (Service Pack 4)

Internet Explorer 6.0 or 7.0 with Sun Java SE² Plug-in 1.4.2, 5.0 (1.5.0), or 6.0

Firefox 1.5 or 2.0 with Java SE Plug-in 1.4.2, 5.0 (1.5.0), or 6.0

SSL Encryption Settings—All available encryption options are enabled for SSL in the browser preferences.

Note We support both the English and Japanese versions of Windows.

Note HTTP 1.1—Settings for Internet Options > Advanced > HTTP 1.1 should use HTTP 1.1 for both proxy and non-proxy connections.

Apple MacIntosh

Apple MacIntosh OS X

Firefox 1.5 or 2.0 or Safari 2.0 with Java SE Plug-in 1.4.2, 5.0 (1.5.0), or 6.0

Linux

Red Hat Desktop, Red Hat Enterprise Linux WS version 4 running GNOME or KDE

Firefox 1.5 or 2.0 with Java SE Plug-in 1.4.2, 5.0 (1.5.0), or 6.0

¹ASDM is not supported on Windows 3.1, Windows 95, Windows 98, Windows ME, or Windows NT4.

²Obtain Sun Java from java.sun.com.

Memory Errors in Firefox

Firefox may stop responding or give an out of memory error message Linux and Windows if multiple instances of ASDM are running. You can use the following steps to increase the Java memory and work around the behavior.

This section describes how to increase the memory for Java on the following platforms:

•Java Plug-In for Windows

•Java Plug-In on Linux

Java Plug-In for Windows

To change the memory settings of the Java Plug-in on Windows for Java Plug-in versions 1.4.2 and 1.5, perform the following steps:

Step 1 Exit all browsers.

Step 2 Click Start > Settings > Control Panel.

Step 3 If you have Java Plug-in 1.4.2 installed:

a. Click Java Plug-in. The Java Plug-in Control Panel appears.

b. Click the Advanced tab.

c. Type -Xmx256m in the Java RunTime Parameters field.

d. Click Apply and exit the Java Control Panel.

Step 4 If you have Java Plug-in 1.5 installed:

a. Click Java. The Java Control Panel appears.

b. Click the Java tab.

c. Click View under Java Applet Runtime Settings. The Java Runtime Settings Panel appears.

d. Type -Xmx256m in the Java Runtime Parameters field and then click OK.

e. Click OK and exit the Java Control Panel.

Java Plug-In on Linux

To change the settings of Java Plug-in version 1.4.2 or 1.5 on Linux, perform the following steps:

Step 1 Exit all browsers.

Step 2 Open the Java Plug-in Control Panel by launching the Control Panel executable file.

Note In the Java 2 SDK, this file is located in SDK installation directory/jre/bin/ControlPanel. For example: if the Java 2 SDK is installed at /usr/j2se, the full path is /usr/j2se/jre/bin/ControlPanel. In a Java 2 Runtime Environment installation, the file is located at JRE installation directory/bin/ControlPanel.

Step 3 If you have Java Plug-in 1.4.2 installed:

a. Click the Advanced tab.

b. Type -Xmx256m in the Java RunTime Parameters field.

c. Click Apply and close the Java Control Panel.

Step 4 If you have Java Plug-in 1.5 installed:

a. Click the Java tab.

b. Click View under Java Applet Runtime Settings.

c. Type -Xmx256m in the Java Runtime Parameters field and then click OK.

d. Click OK and exit the Java Control Panel.

Supported Platforms and Feature Licenses

This software version supports the following platforms; see the associated tables for the feature support for each model:

•ASA 5505, Table 2

•ASA 5510, Table 3

•ASA 5520, Table 4

•ASA 5540, Table 5

•ASA 5550, Table 6

•PIX 515/515E, Table 7

•PIX 525, Table 8

•PIX 535, Table 9

Note Items that are in italics are separate, optional licenses that you can replace the base license. You can mix and match licenses, for example, the 10 security context license plus the Strong Encryption license; or the 500 WebVPN license plus the GTP/GPRS license; or all four licenses together.

Table 2 ASA 5505 Adaptive Security Appliance License Features

ASA 5505

Base License

Security Plus

Users, concurrent¹

10

Optional Licenses:

10

Optional Licenses:

50

Unlimited

50

Unlimited

Security Contexts

No support

No support

VPN Sessions²

10 combined IPSec and WebVPN

25 combined IPSec and WebVPN

Max. IPSec Sessions

10

25

Max. WebVPN Sessions

2

Optional License: 10

2

Optional License: 10

VPN Load Balancing

No support

No support

TLS Proxy for SIP and Skinny Inspection

Supported

Supported

Failover

None

Active/Standby (no stateful failover)

GTP/GPRS

No support

No support

Maximum VLANs/Zones

3 (2 regular zones and 1 restricted zone that can only communicate with 1 other zone)

20

Maximum VLAN Trunks

No support

Unlimited

Concurrent Firewall Conns³

10 K

25 K

Max. Physical Interfaces

Unlimited, assigned to VLANs/zones

Unlimited, assigned to VLANs/zones

Encryption

Base (DES)

Optional license:
Strong (3DES/AES)

Base (DES)

Optional license:
Strong (3DES/AES)

Minimum RAM

256 MB

256 MB

¹In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view the host limits.

²Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

³The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with one host and one dynamic translation for every four connections.

Table 3 ASA 5510 Adaptive Security Appliance License Features

ASA 5510

Base License

Security Plus

Users, concurrent

Unlimited

Unlimited

Security Contexts

No support

2

Optional Licenses:

5

VPN Sessions¹

250 combined IPSec and WebVPN

250 combined IPSec and WebVPN

Max. IPSec Sessions

250

250

Max. WebVPN Sessions

2

Optional Licenses:

2

Optional Licenses:

10

25

50

100

250

10

25

50

100

250

VPN Load Balancing

No support

No support

TLS Proxy for SIP and Skinny Inspection

Supported

Supported

Failover

None

Active/Standby or Active/Active

GTP/GPRS

No support

No support

Max. VLANs

50

100

Concurrent Firewall Conns²

50 K

130 K

Max. Physical Interfaces

Unlimited

Unlimited

Encryption

Base (DES)

Optional license:
Strong (3DES/AES)

Base (DES)

Optional license:
Strong (3DES/AES)

Min. RAM

256 MB

256 MB

¹Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 4 ASA 5520 Adaptive Security Appliance License Features

ASA 5520

Base License

Users, concurrent

Unlimited

Unlimited

Security Contexts

2

Optional Licenses:

5

10

20

VPN Sessions¹

750 combined IPSec and WebVPN

Max. IPSec Sessions

750

Max. WebVPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

150

Concurrent Firewall Conns²

280 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

512 MB

¹Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 5 ASA 5540 Adaptive Security Appliance License Features

ASA 5540

Base License

Users, concurrent

Unlimited

Unlimited

Security Contexts

2

Optional licenses:

5

10

20

50

VPN Sessions¹

5000 combined IPSec and WebVPN

Max. IPSec Sessions

5000

Max. WebVPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

1000

2500

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

200

Concurrent Firewall Conns²

400 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

1 GB

¹Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 6 ASA 5550 Adaptive Security Appliance License Features

ASA 5550

Base License

Users, concurrent

Unlimited

Security Contexts

2

Optional licenses:

5

10

20

50

VPN Sessions¹

5000 combined IPSec and WebVPN

Max. IPSec Sessions

5000

Max. WebVPN Sessions

2

Optional Licenses:

10

25

50

100

250

500

750

1000

2500

5000

VPN Load Balancing

Supported

TLS Proxy for SIP and Skinny Inspection

Supported

Failover

Active/Standby or Active/Active

GTP/GPRS

None

Optional license: Enabled

Max. VLANs

250

Concurrent Firewall Conns²

650 K

Max. Physical Interfaces

Unlimited

Encryption

Base (DES)

Optional license: Strong (3DES/AES)

Min. RAM

4 GB

¹Although the maximum IPSec and WebVPN sessions add up to more than the maximum VPN sessions, the combined sessions should not exceed the VPN session limit. If you exceed the maximum VPN sessions, you can overload the security appliance, so be sure to size your network appropriately.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 7 PIX 515/515E Security Appliance License Features

PIX 515/515E

R (Restricted)

UR (Unrestricted)

FO (Failover)¹

FO-AA (Failover Active/Active)1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional license: 5

2

Optional license: 5

2

Optional license: 5

IPSec Sessions

2000

2000

2000

2000

WebVPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

10

25

25

25

Concurrent Firewall Conns²

48 K

130 K

130 K

130 K

Max. Physical Interfaces

3

6

6

6

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

64 MB

128 MB

128 MB

128 MB

¹This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 8 PIX 525 Security Appliance License Features

PIX 525

R (Restricted)

UR (Unrestricted)

FO (Failover)¹

FO-AA (Failover Active/Active)1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional licenses:

2

Optional licenses:

2

Optional licenses:

5

10

20

50

5

10

20

50

5

10

20

50

IPSec Sessions

2000

2000

2000

2000

WebVPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

25

100

100

100

Concurrent Firewall Conns²

140 K

280 K

280 K

280 K

Max. Physical Interfaces

6

10

10

10

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

128 MB

256 MB

256 MB

256 MB

¹This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

Table 9 PIX 535 Security Appliance License Features

PIX 535

R (Restricted)

UR (Unrestricted)

FO (Failover)¹

FO-AA (Failover Active/Active)1

Users, concurrent

Unlimited

Unlimited

Unlimited

Unlimited

Security Contexts

No support

2

Optional licenses:

2

Optional licenses:

2

Optional licenses:

5

10

20

50

5

10

20

50

5

10

20

50

IPSec Sessions

2000

2000

2000

2000

WebVPN Sessions

No support

No support

No support

No support

VPN Load Balancing

No support

No support

No support

No support

TLS Proxy for SIP and Skinny Inspection

No support

No support

No support

No support

Failover

No support

Active/Standby
Active/Active

Active/Standby

Active/Standby
Active/Active

GTP/GPRS

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

None

Optional license:
Enabled

Max. VLANs

50

150

150

150

Concurrent Firewall Conns²

250 K

500 K

500 K

500 K

Max. Physical Interfaces

8

14

14

14

Encryption

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

None

Optional licenses:

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Base (DES)

Strong (3DES/
AES)

Min. RAM

512 MB

1024 MB

1024 MB

1024 MB

¹This license can only be used in a failover pair with another unit with a UR license. Both units must be the same model.

²The concurrent firewall connections are based on a traffic mix of 80% TCP and 20% UDP, with 1 host and 1 dynamic translation for every 4 connections.

ASDM and SSM Compatibility

For a table showing ASDM compatibility with SSMs, see:

http://www.cisco.com/en/US/products/ps6120/products_device_support_table09186a0080682a78.html

Upgrading ASDM

This section describes how to upgrade ASDM to a new ASDM release. If you have a Cisco.com login, you can obtain ASDM from one of the following websites:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

or

http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

Note If you are upgrading from PIX Version 6.3, first upgrade to Version 7.0 according to Guide for Cisco PIX 6.2 and 6.3 Users Upgrading to Cisco PIX Software Version 7.0. Then upgrade PDM to ASDM according to the ASDM 5.0 release notes.

If you have a previous release of ASDM on your security appliance and want to upgrade to the latest release, you can do so from within ASDM. We recommend that you upgrade the ASDM image before the platform image. ASDM is backwards compatible, so you can upgrade the platform image using the new ASDM; you cannot use an old ASDM with a new platform image.

To upgrade ASDM, perform the following steps:

Step 1 Download the new ASDM image to your PC.

Step 2 Launch ASDM.

Step 3 From the Tools menu:

a. In ASDM 5.0 and 5.1, click Upload Image from Local PC.

b. In ASDM 5.2, click Upgrade Software.

Step 4 With ASDM selected, click Browse Local to select the new ASDM image.

Step 5 To specify the location in Flash memory where you want to install the new image, enter the directory path in the field or click Browse Flash.

If your security appliance does not have enough memory to hold two ASDM images, overwrite the old image with the new one by specifying the same destination filename. You can rename the image after it was uploaded using the Tools > File Management tool.

If you have enough memory for both versions, you can specify a different name for the new version. If you need to revert to the old version, it is still in your Flash memory.

Step 6 Click Upload Image.

When ASDM is finished uploading, the following message appears:

"ASDM Image is Uploaded to Flash Successfully."

Step 7 If the new ASDM image has a different name than the old image, then you must configure the security appliance to load the new image in the Configuration > Properties > Device Administration > Boot System/Configuration pane.

Step 8 To run the new ASDM image, you must exit ASDM and reconnect.

Step 9 Download the new platform image using the Tools > Upgrade Software tool.

To reload the new image, reload the security appliance using the Tools > System Reload tool.

Getting Started with ASDM

This section describes how to connect to ASDM and start your configuration. If you are using the security appliance for the first time, your security appliance might include a default configuration. You can connect to a default IP address with ASDM so that you can immediately start to configure the security appliance from ASDM. If your platform does not support a default configuration, you can log in to the CLI and run the setup command to establish connectivity. See Before You Begin for more detailed information about networking.

This section includes the following topics:

•Before You Begin

•Downloading the ASDM Launcher

•Starting ASDM from the ASDM Launcher

•Using ASDM in Demo Mode

•Starting ASDM from a Web Browser

•Using the Startup Wizard

•Using the VPN Wizard

•Printing from ASDM

Before You Begin

If your security appliance includes a factory default configuration, you can connect to the default management address of 192.168.1.1 with ASDM. On the ASA 5500 series adaptive security appliance, the interface to which you connect with ASDM is Management 0/0. For the PIX 500 series security appliance, the interface to which you connect with ASDM is Ethernet 1. To restore the default configuration, enter the configure factory-default command at the security appliance CLI.

Make sure the PC is on the same network as the security appliance. You can use DHCP on the client to obtain an IP address from the security appliance, or you can set the IP address to a 192.168.1.0/24 network address.

If your platform does not support the factory default configuration, or you want to add to an existing configuration to make it accessible for ASDM, access the security appliance CLI according to the Cisco Security Appliance Command Line Configuration Guide, and enter the setup command. The setup command prompts you for a minimal configuration to connect to the security appliance using ASDM.

Note You must have an inside interface already configured to use the setup command. The Cisco PIX security appliance default configuration includes an inside interface, but the Cisco ASA adaptive security appliance default configuration does not. Before using the setup command, enter the interface gigabitethernet slot/port command, and then the nameif inside command. The slot for interfaces that are built in to the chassis is 0. For example, enter interface gigabitethernet 0/1. The Cisco PIX 500 series and the ASA 5510 adaptive security appliance have an Ethernet-type interface.

Downloading the ASDM Launcher

The ASDM Launcher is for Windows only. The ASDM Launcher is an improvement over running ASDM in a Java Applet. The ASDM Launcher avoids double authentication and certificate dialog boxes, launches faster, and caches previously-entered IP addresses and usernames.

To download the ASDM Launcher, perform the following steps:

Step 1 From a supported web browser on the security appliance network, enter the following URL:
https://interface_ip_address
In transparent firewall mode, enter the management IP address.

Note Be sure to enter https, not http.

Step 2 Click OK or Yes to all prompts, including the name and password prompt. By default, leave the name and password blank.

A page displays with the following buttons:

•Download ASDM Launcher and Start ASDM

•Run ASDM as a Java Applet

Step 3 Click Download ASDM Launcher and Start ASDM.

The installer downloads to your PC.

Step 4 Run the installer to install the ASDM Launcher.

Starting ASDM from the ASDM Launcher

The ASDM Launcher is for Windows only.

To start ASDM from the ASDM Launcher, perform the following steps:

Step 1 Double-click the Cisco ASDM Launcher shortcut on your desktop, or start it from the Start menu.

Step 2 Enter the security appliance IP address or hostname, your username, and your password, and then click OK.

If there is a new version of ASDM on the security appliance, the ASDM Launcher automatically downloads it before starting ASDM.

Using ASDM in Demo Mode

ASDM Demo Mode is available as a separately installed application running under Windows. It makes use of the ASDM Launcher and pre-packaged configuration files to let you run ASDM without having a live device available. ASDM Demo Mode lets you:

•Perform configuration and select monitoring tasks via ASDM as though you were interacting with a real device.

•Demonstrate ASDM or security appliance features using the ASDM interface.

•Perform configuration and monitoring tasks with the Content Security and Control (CSC) SSM.

ASDM Demo Mode provides simulated monitoring data, including real-time system log messages. The data shown is randomly generated, but the experience is identical to what you would see when connecting to a real device.

ASDM Demo Mode has the following limitations:

•Changes made to the configuration will appear in the GUI but are not applied to the configuration file. That is, when you click the Refresh button, it will revert back to the original configuration. The changes are never saved to the configuration file.

•File/Disk operations are not supported.

•Monitoring and logging data are simulated. Historical monitoring data is not available.

•You can only log in as an admin user; you cannot log in as a monitor-only or read-only user.

•Demo Mode does not support the following features:

–File menu:

Save Running Configuration to Flash

Save Running Configuration to TFTP Server

Save Running Configuration to Standby Unit

Save Internal Log Buffer to Flash

Clear Internal Log Buffer

–Tools menu:

Command Line Interface

Ping

File Management

Update Image

File Transfer

Upload image from Local PC

System Reload

–Toolbar/Status bar > Save

–Configuration > Interface > Edit Interface > Renew DHCP Lease

–Failover—Configuring a standby device

•These operations cause a reread of the configuration and therefore will revert the configuration back to the original settings.

–Switching contexts

–Making changes in the Interface panel

–NAT panel changes

–Clock panel changes

To run ASDM in Demo Mode, perform the following steps:

Step 1 If you have not yet installed the Demo Mode application, perform the following steps:

a. Download the ASDM Demo Mode installer from one of the following websites:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

or

http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

The filename is asdm-demo-version.msi.

b. Double-click the installer to install the software.

Step 2 Double-click the Cisco ASDM Launcher shortcut on your desktop, or start it from the Start menu.

Step 3 Check Run in Demo Mode.