Once you’ve enabled ASDM on the Cisco ASA, here are more Cisco commands to manage the ASDM from the command line:
Changing the Default Port for ASDM
Anyone who has watched traffic on the public interface of an Internet-facing device for any length of time has probably seen a lot of portscans and probes. If well-known ports are open, then you get the intrusion attempts which are usually automated bruteforce attacks. Even if the intrustion attempt is rejected, the firewall has to expend resources to deal with them. Puts more load on the firewall.
So, if you want to enable ASDM access from the outside, it may be a good idea to change the default port number from 443 to one of the ephemeral ports. Use the http server enable [port] command. In the example below, I’ve changed the ASDM port to 12345. The “http_enable: Enabling HTTP server” is a response from the ASA.
ciscoasa# conf t ciscoasa(config)# http server enable 12345 ciscoasa(config)# http_enable: Enabling HTTP server
Now you can access the ASDM via https://ASA_IP_Address:NewPortNumber (In the example above, the ASA is using the IP address 18.104.22.168 and you can access the ASA via https://22.214.171.124:12345)
Changing the ASDM port number takes effect immediately and causes existing ASDM sessions to error out when refreshing data from the ASA.
Viewing and Disconnecting ASDM Sessions
The Cisco ASDM allows a maximum of 5 concurrent ASDM sessions (per context). Use the show asdm sessions command to show all currently running ASDM sessions on the ASA. In the output below, you can see that there is an active session from a management workstation at 126.96.36.199 with a session ID of 0.
ciscoasa(config)# show asdm sessions 0 188.8.131.52
To disconnect an ASDM session, use the asdm disconnect [Session ID] command.
ciscoasa(config)# asdm disconnect 0