Hi the best implementation

ankitsharma6517 · ‎06-24-2015

Hi guys

I have a scenario:

Internet -->Asa outside interface

Then another asa interface is trunk to a switch. A router is connected to the switch.

The management ip range is 192.168.0.0 subnet. I want to know how can i remotely manage the asa over the Internet? I know we can not telnet to the outside interface. So how do i get access to the asa?

Also i have allowed telnet and ssh on switch and router as well. The switch is just layer 2. Does it need a default gateway pointing to the fw?

Once i get access to the asa over internet, i also want to be able to telnet/ssh to the switch and router.

please tell me how can i implement this whole scenario?

Thanks

Rishabh Seth · ‎06-24-2015

Hi Ankit,

You can use ssh to manage the ASA from Internet.

Refer following link to enable ssh for management access:

https://supportforums.cisco.com/discussion/11581111/how-enable-ssh-asa-5525

https://supportforums.cisco.com/document/12530806/configure-asa-5525-allow-ssh-access

Thanks,

r.seth

ankitsharma6517 · ‎06-24-2015

Ya SSh is fine to get To the asa but since asa does not have ssh or telnet client, then how do i manage a switch or the router?

I have a dynamic remote access vpn running. Once the client is authenticated they get an ip from 172.18.0.0 range. Can i use the "management-interface inside" command to get access?

Please note that ip obtained through vpn is 172.18.0.0 while as i mentioned the management subnet is 192.168.0.0.

so will the above solution work or do i need to setup a new vpn separately for this?

Thanks

elnurh · ‎06-30-2015

Hi the best implementation management via internet is remote vpn connection to ASA and vuala you will be in inside network where allow to management

Cisco Asa remote management over internet