Re: asa 5505 remote access

ocporbust2 · ‎07-19-2013

Hello ,

we have a network that uses asa 5505 . I am able to telnet to it from w/ in the network , but when I am at home I cannot telnet to it . my question is what type of config I need to apply for the connection to work , I also want to be able to use asdm as the tool for config. at work I was able to check the

config

asa#sho run http

http server anble

http 0.0.0.0 0.0.0.0. inside

http x.x.x.x.x 255.255.255.0 outside <---- this is the config that I added.

one more think , I can't ping the asa ip from home either.

Thanks

Karim

Marvin Rhoads · ‎07-19-2013

Please refer to the configuration guide here. It covers setting up management access including ping (icmp).

Your http line should have your remote (outside) client public IP in the line, generally with a /32 mask (255.255.255.255).

Ping can be allowed with "icmp permit any outside".

I strongly suggest you not use insecure telnet to manage a security device like an ASA firewall. SSH or ASDM (over https) is recommended.

Jouni Forss · ‎07-19-2013

Hi,

You can only use Telnet to manage the ASA on a "security-level 0" interface through a VPN Connection (or it might be the interface with the default route might be the thing that defines the interface which wont accept Telnet connections). Otherwise it will be blocked by the ASA whatever you configure with the "telnet" command.

I would suggest using SSH as Marvin has already suggested.

- Jouni