The first thing that we should probably cover are the basics on connecting to the config on the Cisco ASA so we can see the existing setup and make changes to it.
We will cover the following methods to access the Cisco ASA configs:
- Console
- Telnet
- SSH (crypto key needed)
- ASDM
There are two user interfaces that we can use through these methods of connecting to the ASA, CLI (Command-line Interface) and the ASDM GUI (Graphical User Interface). See the examples below.
CLI ASDM
Most of the configurations you will see on this site are done through the CLI, but I will add the ASDM equivalent as I continue to build it. Personally the CLI method makes it easier for me to see the whole picture rather than bouncing around different screens looking for a check box I missed, but both have their pros and cons. We will use a terminal emulation program, PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html), to connect to the CLI. We will use this program for Console, Telnet, and SSH access.
Let’s take a look at these methods!
Console
When you purchase a Cisco ASA (ex. 5505, 5510), you should get a blue console cable with it. You will plug the RJ-45 end into the console port on the ASA and the serial end directly into a serial port on your management computer or use a serial to USB console cable. I use the Tripp-Lite Keyspan USA-19HS (http://www.amazon.com/gp/product/B0000VYJRY/).
Console Cable USB to Serial Adapter
Console cable connected to ASA and Serial to USB Adapter
Telnet and SSH
In order to telnet or SSH to the ASA, you will need IP connectivity established between the ASA and your management computer. These features need to be enabled on the ASA as well. I recommend SSH over telnet because the traffic is encrypted where with telnet it is not. We will cover the configuration required for this in a later post. (future link)
ASDM
This is an ASA management program that provides a GUI interface for management, monitoring, and configuration. You can access it by opening a web browser and going to the ASA’s IP address via HTTPS (ex. https://192.168.1.1), then download the application using the link provided or click on the Java applet to start an instance. I would use the Java instance since there can be additional issues with security when using the downloaded version. (Look for a future article that covers this issue.)
I primarily use ASDM for the monitoring features it provides when troubleshooting since it will show me nice graphs that are quick and easy to read. This is a feature that needs to be enabled, which we will cover the configuration in a later post. (future link)
Summary
For the purpose of following along with my tutorials, we will be connecting to the Cisco ASA using a console cable with a USB to serial adapter and PuTTY. I prefer this method of access because it always works. Even if I make a configuration change that breaks IP connectivity, I am always connected and able to see what is going on.