06 August 2011
Posted By: Gom Jabbar
Cisco ASA Device Management – Managing ASDM

Once you’ve enabled ASDM on the Cisco ASA, here are more Cisco commands to manage the ASDM from the command line:

Changing the Default Port for ASDM

Anyone who has watched traffic on the public interface of an Internet-facing device for any length of time has probably seen a lot of port scans and probes. If well-known ports are open, you get intrusion attempts, which are usually automated brute-force attacks. Even if an intrusion attempt is rejected, the firewall has to expend resources to deal with it, which puts more load on the firewall.

So, if you want to enable ASDM access from the outside, it may be a good idea to change the default port number from 443 to one of the ephemeral ports. Use the http server enable [port] command. In the example below, I’ve changed the ASDM port to 12345. The “http_enable: Enabling HTTP server” is a response from the ASA.

ciscoasa# conf t
ciscoasa(config)# http server enable 12345
ciscoasa(config)# http_enable: Enabling HTTP server

Now you can access the ASDM via https://ASA_IP_Address:NewPortNumber. In the example above, the ASA is using the IP address 11.11.11.1, so you can access the ASA via https://11.11.11.1:12345.

Changing the ASDM port number takes effect immediately and causes existing ASDM sessions to error out when refreshing data from the ASA.

Viewing and Disconnecting ASDM Sessions

The Cisco ASDM allows a maximum of 5 concurrent ASDM sessions (per context). Use the show asdm sessions command to show all currently running ASDM sessions on the ASA. In the output below, you can see that there is an active session from a management workstation at 11.11.11.2 with a session ID of 0.

ciscoasa(config)# show asdm sessions
0 11.11.11.2

To disconnect an ASDM session, use the asdm disconnect [Session ID] command.

ciscoasa(config)# asdm disconnect 0
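
One way to review the session list against the management workstations you expect, as an added example that is not part of the original post: the Python below parses show asdm sessions output in the format shown above and builds an asdm disconnect command for each session from an unexpected address. The allowlist, the sample output and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: hosts allowed to run ASDM (constructed for this example).
ALLOWED_MGMT = [ipaddress.ip_network("11.11.11.2/32")]
MAX_SESSIONS = 5  # per-context ASDM session limit stated above

# Constructed sample of "show asdm sessions" output, in the "<id> <ip>" format shown above.
SAMPLE_OUTPUT = """\
ciscoasa(config)# show asdm sessions
0 11.11.11.2
1 11.11.11.77
2 11.11.11.2
"""

def parse_sessions(text):
    """Return [(session_id, ip_address)] from 'show asdm sessions' output."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        # Session lines are exactly "<numeric id> <IP>"; skip prompts and blanks.
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        try:
            sessions.append((int(parts[0]), ipaddress.ip_address(parts[1])))
        except ValueError:
            continue  # second field is not an IP address
    return sessions

def audit(text, allowed=ALLOWED_MGMT):
    """Return (disconnect_commands, free_slots) for the parsed session list."""
    sessions = parse_sessions(text)
    commands = [
        f"asdm disconnect {sid}"
        for sid, ip in sessions
        if not any(ip in net for net in allowed)
    ]
    return commands, MAX_SESSIONS - len(sessions)

if __name__ == "__main__":
    commands, free_slots = audit(SAMPLE_OUTPUT)
    print(f"free ASDM session slots: {free_slots}")
    for cmd in commands:
        print(cmd)
```

The generated commands are only printed, so they can be reviewed before being entered on the ASA.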

Additional Information:

asdm disconnect command in the Cisco ASA 8.4 and 8.5 Command Reference.

show asdm sessions command in the Cisco ASA 8.4 and 8.5 Command Reference.

http server enable command in the Cisco ASA 8.4 and 8.5 Command Reference.

Cisco Adaptive Security Device Manager Product Page at cisco.com