Disable Admin/ASDM access only on public interface of 5510

johartman · ‎10-13-2011

Hello, I would like to know how to totaly disable Admin/ASDM access on our public interface of our 5510. I don't want to change IPSec or SSL access to the outside interface. Just totaly disable access to Admin/ASDM from the outside without halting all other access. Thanks in advance for any help!

varrao · ‎10-13-2011

Hi Johartman,

By default, ASDM access is disabled on all interface of the ASA, if you want to enable it, you use:

https server enable

http server 0.0.0.0 0.0.0.0 outside

So if you do not have any such command on ASA, it is already disabled, but if you have, just put a "no" infornt of it, like:

no http server 0.0.0.0 0.0.0.0 outside

hope that helps

Thanks,

Varun

Thanks,
Varun Rao

johartman · ‎10-13-2011

Hello Varun...I don't have an http server 0.0.0.0 0.0.0.0 outside on my ASA. I tried to run the command you suggested and it said invlaid host. I'm running 8.2(5). I do have an http 0.0.0.0 0.0.0.0 outside command though. But if I enter no http 0.0.0.0 0.0.0.0 outside will that prohibit all clientless anyconnect clients?

varrao · ‎10-13-2011

ooops thats a mistake on my part

i meant:

http 0.0.0.0 0.0.0.0 outside

if you do:

no http 0.0.0.0 0.0.0.0 outside

that will not affect your annyconnect clients, its only for ASDM access.

Here's the config guide:

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/command/reference/gh.html#wp1780311

Thanks,

Varun

Thanks,
Varun Rao