Cisco PIX ASDM Guide Day One

Simplify the process of configuring the PIX firewall for your customers with the help of Cisco's Adaptive Security Device Manager (ASDM). Get installation and troubleshooting tips with this Step-by-Step Guide today.

Cisco's ASDM can help value-added resellers (VARs) and network consultants who are working to configure their customers' PIX firewalls. This Step-by-step guide, posted here courtesy of, offers installation and troubleshooting tips for channel professionals.

To simplify the PIX firewall configuration, Cisco has provided Adaptive Security Device Manager (ASDM). ASDM provides a powerful, easy-to-use interface for the configuration of selected PIX firewalls (see Cisco's documentation or Website for the PIX models that support ASDM.)

Installing ASDM is normally a painless process; however, many of us buy equipment from failed ISPs, Hosting providers, or equipment that has been refurbished. It's cheaper; however, the lack of documentation and support is a big pain. With that said, this article covers some of the ASDM issues and workarounds as well as the actual installation of ASDM.

I am basing this article on PIX software version 7.0(2) and ASDM 5.0. You will likely need to upgrade your PIX to 7.0 before installing ASDM. Previous versions of the PIX software worked with Cisco's PDM such as PIX 6.2, & 6.3(4). Please note that if you are currently using a PIX 515 or 515e appliance you will need a memory upgrade to install PIX 7.0. You can issue the show version command from the CLI to check the software version and model of your PIX.

The PIX 515/515e series total memory should be 32MB. You will need 64MB for PIX 7.0 & ASDM. For reference, the Cisco part number for this upgrade, at the time of this writing, is PIX-515-MEM-32=.

Please refer to Cisco's documentation to upgrade the PIX. Downgrading the PIX after the installation of 7.0 is supported. You can downgrade back to 6.x; however, you will need to remove ASDM if this happens. ASDM is not supported on Cisco PIX 6.x software.

Please note also that upgrading a PIX appliance in a failover set from 6.x to 7.x is a major upgrade and cannot be done without downtime. Upgrading to 7.x in a failover set is documented by Cisco, and this documentation can be found on Cisco's Website.

After the upgrade to 7.x is complete, we can start the process of installing ASDM. Be sure to have your ASDM image from Cisco's Website. You can download it on the same page where you normally obtain Cisco's PIX software.

Tomorrow: Installing ASDM

Read more on Network monitoring and analysis