https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900365#M436575 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>it sounds like a better plan than opening up for each and every unit on the inside :).</P><P></P><P>But if you have a old laptop or something like that I would state that setting that up with a syslog server and use that to manage the firewall would be a even better option.</P><P>that way you would get logs and a management station.</P><P></P><P>there are several syslog servers that are free and I like to use grep that is also free to filter information. </P><P>http 10.1.1.52 255.255.255.255 inside </P><P>will make the 10.1.1.52 the only server to work with asdm</P><P>but you will have to remove the old http 10.1.1.0 255.255.255.0 inside statement.</P><P></P><P>If you find the answers helpful please rate.</P><P></P><P>good luck</P><P></P><P>HTH</P></BODY></HTML> Fri, 18 May 2012 20:13:59 GMT hobbe 2012-05-18T20:13:59Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900362#M436566 <P>Hello</P><P></P><P>I am currently managing an ASA5510 using ASDM through the management port but I would like to manage the ASA through the internal port.</P><P></P><P>My concern is that I thought I remembered reading someplace that if you setup an internal port for management that it can't be used for anything else.&nbsp; Is this correct?</P><P></P><P>I only configured one internal port and it is the path to my LAN.&nbsp; I would hate to configure the port for management only to find that I disconnected my firewall from my internal network in the process.&nbsp; Can I use my one and only configured internal port for both ASA management and route from my LAN thru the ASA firewall?</P><P></P><P>I currently have the management port set to 192.168.1.1 and my internal interface is 10.1.1.1.&nbsp; If I open ASDM and connect thru the management port and select Configuration/Device Management/Management&nbsp; Access/ASDM/HTTPS/Telnet/SSH</P><P></P><P>select "ADD"</P><P>select access type "ASDM/HTTPS"</P><P>select interface "internal"</P><P>IP Address&nbsp;&nbsp; "10.1.1.0"</P><P>Mask&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "255.255.255.0"</P><P></P><P>Will that give me access to ASA management thru my internal network but cripple my network access to the ASA?&nbsp; </P><P></P><P>Sorry if this is confusing... I don't know how else to phrase it.</P><P></P><P>Thanks</P><P>Ed</P> Mon, 11 Mar 2019 23:08:52 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900362#M436566 Edward Luna 2019-03-11T23:08:52Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900363#M436569 <HTML><HEAD></HEAD><BODY><P>Hi </P><P>yes you can use the inside interface, no problem</P><P></P><P>do you have a special address you know you will be coming from ?</P><P>if not you should have that </P><P></P><P>start the cli</P><P>http 10.1.1.0 255.255.255.0 inside</P><P></P><P></P><P>good luck</P><P></P><P>HTH</P></BODY></HTML> Fri, 18 May 2012 19:57:57 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900363#M436569 hobbe 2012-05-18T19:57:57Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900364#M436572 <HTML><HEAD></HEAD><BODY><P> Thanks for the fast reply.</P><P></P><P>I was thinking that I might use remote administration to my Small Business Server 2008 (RWW) to connect to my server (known internal IP address) and specify that only that IP can administer the ASA.</P><P></P><P>Sound like a plan? <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P></P><P>Ed</P></BODY></HTML> Fri, 18 May 2012 20:04:09 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900364#M436572 Edward Luna 2012-05-18T20:04:09Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900365#M436575 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>it sounds like a better plan than opening up for each and every unit on the inside :).</P><P></P><P>But if you have a old laptop or something like that I would state that setting that up with a syslog server and use that to manage the firewall would be a even better option.</P><P>that way you would get logs and a management station.</P><P></P><P>there are several syslog servers that are free and I like to use grep that is also free to filter information. </P><P>http 10.1.1.52 255.255.255.255 inside </P><P>will make the 10.1.1.52 the only server to work with asdm</P><P>but you will have to remove the old http 10.1.1.0 255.255.255.0 inside statement.</P><P></P><P>If you find the answers helpful please rate.</P><P></P><P>good luck</P><P></P><P>HTH</P></BODY></HTML> Fri, 18 May 2012 20:13:59 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900365#M436575 hobbe 2012-05-18T20:13:59Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900366#M436580 <HTML><HEAD></HEAD><BODY><P> oops... I just thought of something.</P><P></P><P>RWW connects to the SBS 2008 via HTTPS (port 443)</P><P>The add device management in ASDM says it uses port 443 for HTTP admin access.&nbsp; Sounds like a conflict.</P><P></P><P>Will I need to change the port assignment for ASDM management from 443 to 444 or does the fact that the IP addresses are different for the two functions negate the need for different ports? </P><P></P><P>In other words... ASDM comes in port 443 but for ip addy 10.1.1.1 and RWW comes in port 443 but ip addy 10.1.1.2. </P><P></P><P><SPAN __jive_emoticon_name="confused" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Fri, 18 May 2012 20:22:40 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900366#M436580 Edward Luna 2012-05-18T20:22:40Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900367#M436583 <HTML><HEAD></HEAD><BODY><P> I will gladly rate... your answers are always very helpfull.&nbsp; Now if I only knew how to rate we'd be fat.&nbsp; How do I do it?&nbsp; Rate I mean. <SPAN __jive_emoticon_name="laugh" __jive_macro_name="emoticon" class="jive_macro jive_macro_emoticon" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN>&nbsp; </P></BODY></HTML> Fri, 18 May 2012 20:27:52 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900367#M436583 Edward Luna 2012-05-18T20:27:52Z https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900368#M436584 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>Yes the different addres makes it a totally different thing.</P><P>443 is "standard" for https so basically most webservers that uses SSL use that port.</P><P></P><P>This is basic TCP/IP and if you are to work with firewalls you should study it until you know it front to back.</P><P>There are some realy nice books from o´reilly. if you have the time it would make sence to start reading up on ip v6 also. its not "here" when it comes to america and europe, but it is growing fast in Asia.</P><P></P><P></P><P>good luck</P><P></P><P>hth</P></BODY></HTML> Fri, 18 May 2012 21:47:11 GMT https://community.cisco.com/t5/network-security/managing-asa5510-using-asdm-via-internal-interface/m-p/1900368#M436584 hobbe 2012-05-18T21:47:11Z