Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module Installation Guide
7
Note: Shift-6 on US and UK keyboards issues the caret (^) character. If you have a different keyboard and cannot issue
the caret (^) character as a standalone character, you can temporarily change the escape character to a different
character. In Cisco IOS, before you session to the ASASM, use the terminal escape-character ascii_number command.
For example, to temporarily change the sequence to Ctrl-w, x, enter terminal escape-character 23.
the caret (^) character as a standalone character, you can temporarily change the escape character to a different
character. In Cisco IOS, before you session to the ASASM, use the terminal escape-character ascii_number command.
For example, to temporarily change the sequence to Ctrl-w, x, enter terminal escape-character 23.
6
Configure ASDM Connectivity
Because the ASASM does not have physical interfaces, it does not come pre-configured for ASDM access; you must configure
ASDM access using the CLI on the ASASM.
ASDM access using the CLI on the ASASM.
Step 1
(Optional) Enable transparent firewall mode:
firewall transparent
This command clears your configuration. See the configuration guide for more information.
Step 2
Do one of the following to configure a management interface, depending on your mode:
•
Routed mode—
interface vlan
number
ip address
ip_address [mask]
nameif
name
security-level
level
Example:
ciscoasa(config)# interface vlan 1
ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
The security_level is a number between 1 and 100, where 100 is the most secure.
•
Transparent mode—Configure a bridge virtual interface and assign a management VLAN to the bridge group.
interface bvi
bvi_number
ip address
ip_address [mask]
interface vlan
number
bridge-group
bvi_number
nameif
name
security-level
level
Example:
ciscoasa(config)# interface bvi 1
ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa(config)# interface vlan 1
ciscoasa(config-if)# bridge-group 1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
The security_level is a number between 1 and 100, where 100 is the most secure.
Step 3
(For directly-connected management hosts) Enable DHCP for the management host on the management interface
network:
network:
dhcpd address
ip_address-ip_address interface_name
dhcpd enable
interface_name
Example:
ciscoasa(config)# dhcpd address 192.168.1.2-192.168.1.254 inside
ciscoasa(config)# dhcpd enable inside