使用vASA842配置ASDM645

 

准备：使用VMware打开vASA842.ova文件，将第一个网络适配器桥接到一个vmnet接口，我这里是vmnet3，网段是10.0.0.0/24,网关是10.0.0.1/24

 

1、打开vASA842虚拟机，使用CRT连接上ASA CLI界面。

 

CLI查看show ver:

ciscoasa# sho version

Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(5)206

Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

ciscoasa up 14 mins 25 secs

Hardware:   ASA 5520, 1024 MB RAM, CPU Pentium II 2400 MHz
Internal ATA Compact Flash, 8192MB
BIOS Flash unknown @ 0x0, 0KB


 0: Ext: GigabitEthernet0    : address is 000c.2951.4c2f, irq 0
 1: Ext: GigabitEthernet1    : address is 000c.2951.4c39, irq 0
 2: Ext: GigabitEthernet2    : address is 000c.2951.4c43, irq 0
 3: Ext: GigabitEthernet3    : address is 000c.2951.4c4d, irq 0

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 100            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 5              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 25             perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 0              perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Enabled        perpetual
AnyConnect for Cisco VPN Phone    : Enabled        perpetual
Advanced Endpoint Assessment      : Enabled        perpetual
UC Phone Proxy Sessions           : 10             perpetual
Total UC Proxy Sessions           : 10             perpetual
Botnet Traffic Filter             : Enabled        perpetual
Intercompany Media Engine         : Enabled        perpetual

This platform has an ASA 5520 VPN Plus license.

Serial Number: 123456789AB
Running Permanent Activation Key: 0xb910e27a 0xbcd567eb 0xf9533454 0xdd5868dc 0xc92dd8a5
Configuration register is 0x0
Configuration last modified by enable_15 at 15:40:00.929 UTC Sat Mar 2 2019

2、配置ASDM接入（如果电脑没有安装Java环境，提前去Java官网下载一个安装上）

先配置GigabitEthernet0的接口和vmnet3在同一个网段：

ciscoasa# conf t  
ciscoasa(config)# int gi0
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# ip add 10.0.0.10 255.255.255.0
ciscoasa(config-if)# no shu

查看和测试：

ciscoasa# sho int ip br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0           10.0.0.10       YES manual up                    up  
GigabitEthernet1           unassigned      YES unset  administratively down up  
GigabitEthernet2           unassigned      YES unset  administratively down up  
GigabitEthernet3           unassigned      YES unset  administratively down up

ciscoasa# ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

再进行配置使得ASDM可用：

ciscoasa# conf t
ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# username cisco password cicso pri 15
ciscoasa(config)# http server enable
ciscoasa(config)# http 10.0.0.0 255.255.255.0 inside

3、尝试在浏览器访问：https://10.0.0.1 ,正常情况出现如下界面：

4、选择两者都需要Java支持，我选择第一个，会下载一个ASDM客户端安装。

安装完成后，可以打开登录ASDM

继续选择进入ASDM界面：