networking-forum.com

All times are UTC - 6 hours [ DST ]



 Post subject: ASDM Usage
Posted: Thu May 31, 2012 2:15 pm
New Member

Joined: Fri Nov 27, 2009 9:09 am
Posts: 26
Location: PHX
Certs: CCNA | CCNP WIP
A pretty straightforward question - Who uses ASDM on their network and who doesn't...? I'm looking for responses from those of you who have either had success using ASDM, or, from those of you who have experienced hell with it.

I work for a large enterprise company - everything that I manage is currently done through the CLI. I spoke to my boss about ASDM about a month or so ago (after experiencing some configuration challenges as they relate to remote access) and he subsequently assigned me a task of providing an overview to the entire team on the benefit(s) of ASDM. I understand that the ASDM GUI can facilitate some of the more complex configurations, however, I've recently read/learned that it can also bork your ASA config.

For those of you who use it on your network, do you use it when making production changes or simply for the monitoring capabilities it provides? I've used the ASDM on my home lab (I have two 5505's) and I've never had a problem with it. Initially, I was very excited about the possibility of using ASDM at work, however, after reading through some of these forum posts, I'm slowly being swayed in a different direction.

_________________
AAS, A+, CCNA
(NP in Progress)


 Post subject: Re: ASDM Usage
Posted: Thu May 31, 2012 2:24 pm
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
I'm not actively managing any ASA right now, but in the past I used to use ASDM to manage the thousands of lines of ACLs that were on the ASAs I have managed. I'm talking some really large ACLs. Other than that I did everything else on the CLI.

_________________
blog.brokennetwork.ca


 Post subject: ASDM Usage
Posted: Thu May 31, 2012 5:28 pm
Ultimate Member

Joined: Mon Oct 06, 2008 8:01 am
Posts: 669
Certs: CCNA,CCNP
I manage a few ASAs, I use the CLI. The ASDM is fine for most things but I tend to find that using the CLI is much quicker, granular and better for troubleshooting.
The ASDM used to have a lot of problems with Java version / compatibility, not sure if they've fixed this now?


---
- Sent from my iPhone using Tapatalk


 Post subject: Re: ASDM Usage
Posted: Fri Jun 01, 2012 8:37 am
Post Whore

Joined: Thu Apr 29, 2010 6:12 pm
Posts: 2067
Location: Texas
Certs: CCNP, CCDP, CCIP
Just turned up a couple of ASAs (8.4) and have used ASDM since I’m not strong with the ASA CLI. I agree with Infinite that ACL management is great from ASDM. There are also several tools built in that I have been utilizing the hell out of. Packet tracer is nice to verify traffic will flow through the ASA and between interfaces. I also use the real time logging a ton! Packet capture is nice but a little quirky, maybe I just need to get used to it.

Downsides of ASDM are you don’t get the full exposure of what commands you are passing to the ASA. Same effect as using wizards in Windows. Anyone can click through a wizard to set up a VPN but do they really know what they are setting up or how to use it?

_________________
http://blog.movingonesandzeros.net/


 Post subject: Re: ASDM Usage
Posted: Fri Jun 01, 2012 9:03 am
Post Whore

Joined: Mon Jan 17, 2005 11:01 pm
Posts: 5148
Location: Canada eh
Certs: 350-001, CCNP, CXFF, ITILv3F
that1guy15 wrote:
Just turned up a couple of ASAs (8.4) and have used ASDM since I’m not strong with the ASA CLI. I agree with Infinite that ACL management is great from ASDM. There are also several tools built in that I have been utilizing the hell out of. Packet tracer is nice to verify traffic will flow through the ASA and between interfaces. I also use the real time logging a ton! Packet capture is nice but a little quirky, maybe I just need to get used to it.

Downsides of ASDM are you don’t get the full exposure of what commands you are passing to the ASA. Same effect as using wizards in Windows. Anyone can click through a wizard to set up a VPN but do they really know what they are setting up or how to use it?

Packet tracer is available on the CLI. So is Capture.

And go into settings and check the checkbox that says "preview commands before sending to ASA". Then you can see what the ASDM is about to do to your ASA and reject it if you don't like it. Or copy and paste it into notepad, edit it, and then paste it in yourself.

_________________
blog.brokennetwork.ca


 Post subject: Re: ASDM Usage
Posted: Fri Jun 01, 2012 9:58 am
Junior Member

Joined: Sat Apr 26, 2008 4:12 pm
Posts: 99
Certs: CCNP, CCIP, CCNA Wireless
Infinite wrote:
And go into settings and check the checkbox that says "preview commands before sending to ASA". Then you can see what the ASDM is about to do to your ASA and reject it if you don't like it. Or copy and paste it into notepad, edit it, and then paste it in yourself.


That is what I do. The command preview is good to see what exactly it is doing. I use the ASDM most of the time to manage a few ASAs, but will also use the CLI for any changes that need to be made on all the devices, or to debug, etc. I like ACL management with ASDM, as well as packet captures (since you can launch Wireshark right from the ASDM), VPN management, etc.


 Post subject: Re: ASDM Usage
Posted: Wed Jun 13, 2012 11:25 am
New Member

Joined: Fri Nov 27, 2009 9:09 am
Posts: 26
Location: PHX
Certs: CCNA | CCNP WIP
My apologies for taking so long to post back. *I appreciate everyone taking the time to respond*.

The ASDM overview w/my team yesterday went fairly well. The boss said that the ASDM GUI kinda reminded him of checkpoint (many moons ago when he evidently managed these types of firewalls). I don't have any experience w/managing checkpoint stuff so I wasn't able to comment, other than saying,.. 'Cool' ... At any rate, I was asked to process a change-control in order to implement the required changes on our firewall. Looks like we'll be using a little ASDM moving forward... Word!

_________________
AAS, A+, CCNA
(NP in Progress)

