The display of the dot does not affect the functionality of SSH. The dot appears at the console when
generating a server key or decrypting a message using private keys during SSH key exchange before user
authentication occurs. These tasks can take up to two minutes or longer. The dot is a progress indicator
that verifies that the FWSM is busy and has not hung.
Allowing HTTPS Access for ASDM
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the FWSM.
These tasks are completed if you use the setup command. This section describes how to manually
configure ASDM access.
The FWSM allows a maximum of 5 concurrent ASDM instances per context, if available, with a
maximum of 80 ASDM instances between all contexts. You can control the number of ASDM sessions
allowed per context using resource classes. (See the "Configuring a Class" section on page 4-24.)
To configure ASDM access, perform the following steps:
Step 1  To identify the IP addresses from which the FWSM accepts HTTPS connections, enter the following
command for each address or subnet:
hostname(config)# http source_IP_address mask source_interface
Step 2  To enable the HTTPS server, enter the following command:
hostname(config)# http server enable
For example, to enable the HTTPS server and let a host on the inside interface with an address of
192.168.1.2 access ASDM, enter the following commands:
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside
To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the
following command:
hostname(config)# http 192.168.3.0 255.255.255.0 inside
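An added example, not part of the Cisco guide: a Python check that reads configuration text containing the http commands described above and reports ASDM management sources that are broader than intended, or rules left without the HTTPS server enabled. The sample configuration, the trusted interface names (inside, mgmt) and the /24 threshold are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample of configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.2 255.255.255.255 inside
http 192.168.3.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.0.0.0 mgmt
"""

# Assumptions for this example: trusted interface names and narrowest allowed prefix.
TRUSTED_INTERFACES = {"inside", "mgmt"}
MIN_PREFIX_LEN = 24


def audit_http_access(config_text):
    """Return (server_enabled, rules, findings) for the 'http' commands."""
    server_enabled = False
    rules, findings = [], []
    for raw in config_text.splitlines():
        parts = raw.split()
        if parts == ["http", "server", "enable"]:
            server_enabled = True
            continue
        # Match only: http source_IP_address mask source_interface
        if len(parts) != 4 or parts[0] != "http":
            continue
        _, addr, mask, iface = parts
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError:
            findings.append(f"{raw.strip()}: address does not match mask")
            continue
        rules.append((net, iface))
        if net.prefixlen < MIN_PREFIX_LEN:
            findings.append(f"{net} on {iface}: broader than /{MIN_PREFIX_LEN}")
        if iface not in TRUSTED_INTERFACES:
            findings.append(f"{net} on {iface}: interface not in trusted list")
    if rules and not server_enabled:
        findings.append("http rules present but 'http server enable' is missing")
    return server_enabled, rules, findings


if __name__ == "__main__":
    enabled, rules, findings = audit_http_access(SAMPLE_CONFIG)
    print("HTTPS server enabled:", enabled)
    for finding in findings:
        print("FINDING:", finding)
```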
Allowing a VPN Management Connection
The FWSM supports IPSec for management access. An IPSec VPN ensures that IP packets can safely
travel over insecure networks such as the Internet. All communication between two VPN peers occurs
over a secure tunnel, which means the packets are encrypted and authenticated by the peers.
The FWSM can connect to another VPN concentrator, such as a Cisco PIX firewall or a Cisco IOS router,
using a site-to-site tunnel. You specify the peer networks that can communicate over the tunnel. In the
case of the FWSM, the only address available on the FWSM end of the tunnel is the interface itself.
In routed mode, the FWSM can also accept connections from VPN clients, either hosts running the Cisco
VPN client, or VPN concentrators such as the Cisco PIX firewall or Cisco IOS router running the Easy
VPN client. Unlike a site-to-site tunnel, you do not know in advance the IP address of the client. Instead,
you rely on client authentication. Transparent firewall mode does not support remote clients. Transparent
mode does support site-to-site tunnels.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
23-4
Chapter 23
Configuring Management Access
"Configuring a Class" section on page
4-24.)
OL-20748-01