
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2014 02:57 AM - edited 03-11-2019 09:44 PM
Hello,
I would like to know how i can configure my firewall ASA with an access from the outside to my asa device. I know that it would be better a vpn but this is just to make some fast configurations and then log off.
Thanks.
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2014 01:35 PM
If you do not want to use a VPN to connect to your ASA and configure it from there, then you could just enable SSH for the outside interface. It would be best to allow only a specific IP, but if you receive a dynamic IP from your ISP then you might consider allowing any IP to connect to the outside interface (this is a major security risk and I do not recommend doing it). The best would be if you were willing to set up a VPN, connect to the VPN and then ssh to the ASA.
username NAME password PASSWORD
crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh 0 0 outside
ssh version 2 <---use version 2 if at all possible
--
Please remember to select a correct answer and rate helpfull posts
Please remember to select a correct answer and rate helpful posts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2014 01:35 PM
If you do not want to use a VPN to connect to your ASA and configure it from there, then you could just enable SSH for the outside interface. It would be best to allow only a specific IP, but if you receive a dynamic IP from your ISP then you might consider allowing any IP to connect to the outside interface (this is a major security risk and I do not recommend doing it). The best would be if you were willing to set up a VPN, connect to the VPN and then ssh to the ASA.
username NAME password PASSWORD
crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
ssh 0 0 outside
ssh version 2 <---use version 2 if at all possible
--
Please remember to select a correct answer and rate helpfull posts
Please remember to select a correct answer and rate helpful posts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2014 09:30 AM
Marius,
Is there any vpn config I can use to replace the ssh connection?
thansk.!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2014 11:32 AM
I am not sure I undersant your question. Could you please clearify this a little more.
--
Please remember to select a correct answer and rate helpfull posts
Please remember to select a correct answer and rate helpful posts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2014 12:41 PM
Insted for ssh what other option? o some type of VPN?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2014 11:44 PM
Well, you have to use either SSH, ASDM, Telnet or a console cable (directly connected) to manage the ASA. Telnet is not a secure protocol and is not permitted to connect to the ASA on an interface that has a security level of 0.
So your most secure method of administering the ASA is to connect to VPN and then connect to the ASA using one of the methods.
--
Please remember to select a correct answer and rate helpfull posts
Please remember to select a correct answer and rate helpful posts
