10-13-2011 10:24 AM - edited 03-11-2019 02:37 PM
Hello, I would like to know how to totaly disable Admin/ASDM access on our public interface of our 5510. I don't want to change IPSec or SSL access to the outside interface. Just totaly disable access to Admin/ASDM from the outside without halting all other access. Thanks in advance for any help!
10-13-2011 10:28 AM
Hi Johartman,
By default, ASDM access is disabled on all interface of the ASA, if you want to enable it, you use:
https server enable
http server 0.0.0.0 0.0.0.0 outside
So if you do not have any such command on ASA, it is already disabled, but if you have, just put a "no" infornt of it, like:
no http server 0.0.0.0 0.0.0.0 outside
hope that helps
Thanks,
Varun
10-13-2011 10:43 AM
Hello Varun...I don't have an http server 0.0.0.0 0.0.0.0 outside on my ASA. I tried to run the command you suggested and it said invlaid host. I'm running 8.2(5). I do have an http 0.0.0.0 0.0.0.0 outside command though. But if I enter no http 0.0.0.0 0.0.0.0 outside will that prohibit all clientless anyconnect clients?
10-13-2011 11:10 AM
ooops thats a mistake on my part
i meant:
http 0.0.0.0 0.0.0.0 outside
if you do:
no http 0.0.0.0 0.0.0.0 outside
that will not affect your annyconnect clients, its only for ASDM access.
Here's the config guide:
http://www.cisco.com/en/US/customer/docs/security/asa/asa82/command/reference/gh.html#wp1780311
Thanks,
Varun
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: