To gain access to the graphical ASDM Web management tool you need to enable the HTTPs server on the firewall, and allow HTTPs connections.

Enabling HTTPs Access

1. Generate cryptographic keys for HTTPs
2. Enable the web server on the firewall
3. Specify which management PCs are allowed to access the device

Example:
ASA(config)# crypto key generate rsa modulus 1024
ASA(config)# write mem
ASA(config)# http server enable
ASA(config)# http 192.168.1.2 255.255.255.255 inside
ASA(config)# http 192.168.1.5 255.255.255.255 inside

The example above enables HTTPs access and allows access only from two IP addresses (192.168.1.2 and 192.168.1.5) from the inside interface of the firewall.

Now, in order to access the Graphical ASDM web interface from a PC (e.g from PC with address 192.168.1.2), just open a web browser and enter the URL https://<inside firewall IP address>

Web VPN

Web VPN (or SSL VPN, or clientless VPN) is a new type of remote VPN access using a browser with HTTPs protocol. A remote teleworker for example can access internal corporate services and resources by using  his/her secure browser. The teleworker just points the browser to the external public IP address of the corporate ASA firewall which authenticates the user and gives him secure access to the internal network.

However, if you use both ASDM and Web VPN on the same firewall interface, there is going to be a conflict since both of these services use the default HTTPs port (443). To avoid this conflict we can change the default listening port of the Web VPN service to something different than 443. Lets see an example:

Example:

ASA(config)# http server enable
ASA(config)# http 100.100.1.1 255.255.255.255 outside
ASA(config)# webvpn
ASA(config-webvpn)# port 444
ASA(config-webvpn)# enable outside

On the example above, we enabled HTTP access for management (ASDM) on the outside interface, and also we have enabled webvpn access again on the outside using a different port (444). This way we avoid conflict of the two services (ASDM access listens on the default port 443 and webvpn listens on port 444).

In this case, in order for a remote teleworker to access the firewall on the outside he needs to point his browser to https://<external IP of Firewall>:444

ASA(config)# mode multiple
ASA(config)# context CONTEXT-A
ASA(config-ctx)# allocate-interface gigabitethernet0/0
ASA(config-ctx)# allocate-interface gigabitethernet0/1
ASA(config-ctx)# config-url flash:/contextA.cfg
ASA(config-ctx)# exit
ASA(config)# context CONTEXT-B
ASA(config-ctx)# allocate-interface gigabitethernet0/2
ASA(config-ctx)# allocate-interface gigabitethernet0/3
ASA(config-ctx)# config-url flash:/contextB.cfg
ASA(config-ctx)# exit
ASA(config)# exit
ASA# changeto context CONTEXT-A

The configuration above will create two security contexts and allocate two physical interfaces to each one. After the creation of the virtual firewalls, you can get into each individual security context using the command “changeto context” and start configuring each virtual firewall independently.