Sunday, 26 May 2013

Running ASDM 5.0 for Cisco PIX 515E under Linux/Ubuntu

Cisco ASDM (Adaptive Security Device Manager) is a graphical user interface found in the Cisco PIX firewall family. ASDM 5.0 is a Java application.

Oracle Java (or "Sun Java" in IT prehistory) is not part of the Ubuntu distribution, and an out-of-the-box installation of Firefox lacks the Java plug-in as well.

Additionally, ASDM 5.0 has compatibility issues with newer JRE editions: security exceptions are thrown to the Java Console and the application refuses to open.

If you have to work with older devices, you may run into problems running their management software. It's not always possible or cost-effective to update the firmware (IOS and ASDM) to resolve them that way.

Here's a complete recipe to install an older Java, install ASDM and run it on an Ubuntu system. I guess the recipe is not very distribution-specific, so you may try it on other Linux distributions too. Some steps are also common to the Windows environment; I'll cover Windows installation in the next post.

Environment details

  • Cisco PIX 515E firewall
    • PIX Version 7.0(4)
    • ASDM Version 5.0(4)
  • Ubuntu 13.04 (AMD64)

Let's do it

Prepare working directory

Make a workspace. Let's say, create a folder named "pix" under your home directory.

mkdir ~/pix

...so you can access it with:

cd ~/pix

(I know it's obvious, sorry.)

Get ASDM

Here is how to get ASDM the "Windows" way. I'm not sure if there is a "Linux" way (if you know one, leave a comment).

You can get the ASDM installer by logging in to the PIX web page. Assuming your PIX is at 192.168.1.254, open the URL https://192.168.1.254, then log in with the admin password.

You should see a screen like this (in fact this is a Windows screenshot).


Click on "Download ASDM Launcher.." to get the MSI file. MSI is of course an MS Windows installation package, but inside there is a Java application.

If you have a problem downloading the MSI file (because this is in fact a Windows example, or your browser lacks the Java plug-in), you can download it on a Windows machine and transfer it to the Linux machine, OR use wget. The --no-check-certificate switch tells wget not to validate the certificate the PIX presents, so the download is only as trustworthy as the network path to the device. Assuming your PIX is accessible at 192.168.1.254 and your admin account is "admin":

cd ~/pix
wget --no-check-certificate --user=admin --ask-password https://192.168.1.254/admin/asdm50-install.msi

Get Java Runtime

Go to the Oracle site (not "java.com"). As described at the very beginning, ASDM has compatibility issues and cannot work with Java Runtime 1.7. Java 1.6 is not perfect either.

I found those Java JRE editions to work with ASDM 5.0(4) properly:

With JRE 6.0 Update 10, ASDM starts but refuses to load the configuration from the PIX. With higher updates, the main window does not appear after the login dialog.

I recommend downloading the ".bin" Linux edition. This is a self-extracting binary file which installs into the current working directory and does not make any modifications to the system. Why this one? First, Oracle does not publish ".deb" packages (only ".rpm"). Second, I guess you don't want to integrate an old Java with the system.

Please download jre-1_5_0_22-linux-amd64.bin (assuming you've got a 64-bit system).

Get 7zip

We'll need to extract the MSI package, which is possible with 7zip. If you don't have 7zip installed, install it with the following command:

sudo apt-get install p7zip-full

Checkpoint

At this point you should have a working directory called ~/pix with these files inside:
  • asdm50-install.msi
  • jre-1_5_0_22-linux-amd64.bin

Extract ASDM MSI package

cd ~/pix
7z x -oasdm asdm50-install.msi '*.jar'

This extracts the JAR files from the MSI package into the asdm output subfolder. The pattern is quoted so that the shell passes it to 7z unchanged.

Extract / install JRE

First the .bin file needs the execute flag; then you can run it. Accept the license and Java will be extracted to a subfolder of the working directory.

cd ~/pix
chmod a+x jre-1_5_0_22-linux-amd64.bin
./jre-1_5_0_22-linux-amd64.bin

Tip: Press "q" to skip to the end of the license. Type "yes" to accept.

Time to run ASDM

How NOT to do it

Java's -jar switch won't work. You'll get a "Failed to load Main-Class manifest attribute" error.

Fastest way

You need to export CLASSPATH and then run java, pointing it at the main class of ASDM.

cd ~/pix/asdm
export CLASSPATH=`pwd`/asdm-launcher.jar:`pwd`/jploader.jar

You can check your CLASSPATH with:

set | grep CLASSPATH=

Run Java, pointing it at the main class of ASDM:

cd ~/pix/jre1.5.0_22/bin
./java com.cisco.pdm.launcher.Launcher &

Congratulations! You've got Cisco PIX ASDM working on Ubuntu.
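
Why -jar fails while the explicit class name works, as an added example (not code from the original post or from Cisco): java -jar needs a Main-Class attribute in the JAR manifest, and the error quoted above is what Java reports when that attribute is missing. The script reads each manifest and searches the archives for a class called Launcher; the two in-memory JARs are constructed stand-ins with assumed contents, not the real ASDM files.

```python
import io
import zipfile

MF = "META-INF/MANIFEST.MF"

def main_attributes(jar):
    """Main-section attributes of the JAR manifest, keys lower-cased."""
    with zipfile.ZipFile(jar) as zf:
        raw = zf.read(MF).decode("utf-8", "replace") if MF in zf.namelist() else ""
    attrs, key = {}, None
    for line in raw.splitlines():
        if not line.strip():
            break                               # blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]              # continuation of a wrapped value
        elif ":" in line:
            key = line.split(":", 1)[0].strip().lower()   # names are case-insensitive
            attrs[key] = line.split(":", 1)[1].strip()
    return attrs

def classes_named(jar, simple_name):
    """Fully qualified names of packaged classes with this simple name."""
    suffix = "/" + simple_name + ".class"
    with zipfile.ZipFile(jar) as zf:
        return sorted(n[:-6].replace("/", ".") for n in zf.namelist() if n.endswith(suffix))

def launch_plan(jars, simple_name="Launcher"):
    """jars maps a file name to a path or file object; report how java can start them."""
    return {
        "runnable_with_jar_switch": [n for n, j in jars.items() if "main-class" in main_attributes(j)],
        "main_class_candidates": [c for j in jars.values() for c in classes_named(j, simple_name)],
        "classpath": ":".join(jars),
    }

def constructed_jar(members=(), manifest="Manifest-Version: 1.0\r\n\r\n"):
    """Build an in-memory JAR (constructed sample, not a Cisco file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MF, manifest)
        for name in members:
            zf.writestr(name, b"")
    return buf

SAMPLE = {  # constructed stand-ins for the two JARs named on this page
    "asdm-launcher.jar": constructed_jar(["com/cisco/pdm/launcher/Launcher.class"]),
    "jploader.jar": constructed_jar(),
}

if __name__ == "__main__":
    print(launch_plan(SAMPLE))
```

To inspect the real files, pass their paths instead of SAMPLE, for example launch_plan({p: p for p in ("asdm-launcher.jar", "jploader.jar")}) from inside ~/pix/asdm.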



Script way


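Create a run-asdm.sh file in ~/pix..

#!/bin/sh
# JAR names match the files used in the "Fastest way" commands above
CLASSPATH="$HOME/pix/asdm/asdm-launcher.jar:$HOME/pix/asdm/jploader.jar"
export CLASSPATH
# Use the private JRE 1.5 unpacked in ~/pix, not the system Java
"$HOME/pix/jre1.5.0_22/bin/java" -classpath "$CLASSPATH" com.cisco.pdm.launcher.Launcher &

Set the execute flag on the script..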

cd ~/pix
chmod a+x run-asdm.sh

Run it..

cd ~/pix
./run-asdm.sh

Open Champagne! ;)
