diGriz's Chunk of Web

Using 'Natively' the Cisco ASDM Under Linux

Although it has its quirks and annoyances (such as the inability to use 'chains'/lists), the Cisco firewall thingy is not too bad. An object-oriented approach to firewalling is really nice once you are exposed to it; however, the fact that the utility insists on a particular web browser, OS and Java version to run can make it quite annoying.

N.B. M$ Windoze lusers might want to take note that these destructions also apply to their operating system. The JNLP file is identical; however, the location of the '.asdm' directory and the '.java.policy' file is different. You should have a read of the location documentation over at the Sun website.

After finding out about Java Web Start I decided to use that to bring the ASDM application to Linux, so that it can be run as a native-ish application.

All you have to do is start off by creating the '~/.asdm/data/' directory:

 alex@toughbook:~$ mkdir -p ~/.asdm/data 

Create or amend the files '~/.java.policy' and 'asdm.jnlp' as shown below; then, to open the ASDM, all you have to do is type:

 alex@toughbook:~$ javaws asdm.jnlp 

These instructions have been tested to work for JRE 1.4.2+, 1.5 and 1.6.

~/.java.policy
 // this first (commented-out) grant is useful if you use ssh tunnelling to
 // get to your Cisco PIX; the same applies to the JNLP file below
 //grant codeBase "https://127.0.0.1:4443/admin/-" {
 // replace w.x.y.z with the management IP of the firewall
 grant codeBase "https://w.x.y.z/admin/-" {
   permission java.util.PropertyPermission "*", "read,write";
   permission java.lang.RuntimePermission "setFactory";
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.lang.RuntimePermission "getProtectionDomain";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
 
   permission java.awt.AWTPermission "listenToAllAWTEvents";
   permission java.awt.AWTPermission "accessClipboard";
 
   permission java.io.FilePermission "${user.home}/.asdm/-", "read,write";
 }; 

Replace w.x.y.z in the 'codeBase' entry with the management IP of your Cisco firewall thingy, i.e. whichever IP you use when connecting to the ASDM with a web browser. The grant only applies to code served over HTTPS from exactly that codeBase, so it has to match the JNLP below.

asdm.jnlp
 <?xml version="1.0" encoding="utf-8"?>
 <!-- for an ssh tunnel use codebase="https://127.0.0.1:4443/admin/" -->
 <jnlp
   spec="1.0+"
   codebase="https://w.x.y.z/admin/">
 
   <information>
     <title>Cisco ASDM Frontend</title>
     <vendor>Cisco</vendor>
     <homepage href="http://www.cisco.com/" />
   </information>
 
   <resources>
     <j2se version="1.4.2+"/>
     <jar href="jploader.jar"/>
     <jar href="lzma.jar"/>
   </resources>
 
   <!-- for an ssh tunnel use documentBase="https://127.0.0.1:4443/admin/" -->
   <applet-desc documentBase="https://w.x.y.z/admin/"
                main-class="com.cisco.nm.dice.loader.Loader"
                name="Cisco ASDM Frontend" width="400" height="68">
     <param name="dynarchives" value="pdm.sgz"/>
     <param name="dynapplet" value="com.cisco.pdm.PDMApplet"/>
     <param name="cacheDir" value="${user.home}/.asdm/cache"/>
     <!-- <param name="errorUrl" value="error.html"/> -->
     <param name="execMode" value="false"/>
   </applet-desc>
 </jnlp> 

Again, replace both occurrences of w.x.y.z in the JNLP file (the 'codebase' on the jnlp element and the 'documentBase' on the applet-desc element). An XML comment is not allowed inside a start tag, so keep the commented-out tunnel alternative on its own line as above; otherwise javaws will refuse to parse the file.
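Since the firewall's address has to be entered in three places (one in the policy, two in the JNLP), here is an added sanity check that is not part of the original write-up: it confirms both files name the same host, that the policy only extends the sandbox for an https codeBase, and that the w.x.y.z placeholder has actually been replaced. The function names are mine; the file layout and placeholder are taken from the text above.

```shell
#!/bin/sh
# Consistency check for the files above: the host granted in ~/.java.policy must be
# the one used for codebase and documentBase in asdm.jnlp, every grant must be
# https-only, and the w.x.y.z placeholder must be gone.
# Usage: check_asdm_config ~/.java.policy asdm.jnlp   (exit 0 when consistent)

# List each HOST[:PORT] that appears in an https://HOST/admin/ URL in a file,
# ignoring commented-out lines (the ssh-tunnel alternatives in the write-up).
asdm_hosts() {
  grep -v -e '^[[:space:]]*//' -e '<!--' "$1" \
    | grep -o 'https://[^/"]*/admin/' \
    | sed -e 's|https://||' -e 's|/admin/$||' \
    | sort -u
}

check_asdm_config() {
  policy="$1"; jnlp="$2"
  live=$(grep -v '^[[:space:]]*//' "$policy")        # policy without // comments
  # 1. never extend the sandbox for plain-http code or for every codeBase
  if printf '%s\n' "$live" | grep -q 'codeBase[[:space:]]*"http:'; then
    echo "policy grants to a plain-http codeBase" >&2; return 1
  fi
  if printf '%s\n' "$live" | grep -q '^[[:space:]]*grant[[:space:]]*{'; then
    echo "policy has an unrestricted grant block" >&2; return 1
  fi
  # 2. exactly one host in the policy, and the JNLP must use that same host
  p=$(asdm_hosts "$policy"); j=$(asdm_hosts "$jnlp")
  if [ -z "$p" ] || [ "$(printf '%s\n' "$p" | wc -l | tr -d ' ')" != 1 ]; then
    echo "policy: expected exactly one https codeBase host, got: $p" >&2; return 1
  fi
  if [ "$p" != "$j" ]; then
    echo "host mismatch: policy=$p jnlp=$j" >&2; return 1
  fi
  # 3. the JNLP needs the host twice: codebase on <jnlp>, documentBase on <applet-desc>
  n=$(grep -v '<!--' "$jnlp" | grep "https://$p/admin/" | wc -l | tr -d ' ')
  if [ "$n" != 2 ]; then
    echo "jnlp: expected codebase and documentBase for $p, found $n" >&2; return 1
  fi
  # 4. the placeholder from the write-up must have been replaced everywhere
  if grep -q 'w\.x\.y\.z' "$policy" "$jnlp"; then
    echo "placeholder w.x.y.z still present" >&2; return 1
  fi
  echo "ok: policy and JNLP both point at $p"
}
```

Run it after editing both files and before the first javaws launch; a mismatch here shows up later only as an obscure AccessControlException from the applet.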