Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
5
Helpful
5
Replies

Fast access but secure

Go to solution
opnineopnine
Level 1
Level 1

‎09-12-2014 02:57 AM - edited ‎03-11-2019 09:44 PM

Hello,

 

I would like to know how i can configure my firewall ASA with an access from the outside to my asa device. I know that it would be better a vpn but this is just to make some fast configurations and then log off.

 

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎09-12-2014 01:35 PM

If you do not want to use a VPN to connect to your ASA and configure it from there, then you could just enable SSH for the outside interface.  It would be best to allow only a specific IP, but if you receive a dynamic IP from your ISP then you might consider allowing any IP to connect to the outside interface (this is a major security risk and I do not recommend doing it).  The best would be if you were willing to set up a VPN, connect to the VPN and then ssh to the ASA.

username NAME password PASSWORD

crypto key generate rsa modulus 2048

aaa authentication ssh console LOCAL

ssh 0 0 outside

ssh version 2  <---use version 2 if at all possible

--

Please remember to select a correct answer and rate helpfull posts

 

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marius Gunnerud
VIP
VIP

‎09-12-2014 01:35 PM

If you do not want to use a VPN to connect to your ASA and configure it from there, then you could just enable SSH for the outside interface.  It would be best to allow only a specific IP, but if you receive a dynamic IP from your ISP then you might consider allowing any IP to connect to the outside interface (this is a major security risk and I do not recommend doing it).  The best would be if you were willing to set up a VPN, connect to the VPN and then ssh to the ASA.

username NAME password PASSWORD

crypto key generate rsa modulus 2048

aaa authentication ssh console LOCAL

ssh 0 0 outside

ssh version 2  <---use version 2 if at all possible

--

Please remember to select a correct answer and rate helpfull posts

 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Marius Gunnerud

‎12-03-2014 09:30 AM

Marius,

 

Is there any vpn config I can use to replace the ssh connection?

 

thansk.!

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to opnineopnine

‎12-03-2014 11:32 AM

I am not sure I undersant your question.  Could you please clearify this a little more.

--

Please remember to select a correct answer and rate helpfull posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Marius Gunnerud

‎12-03-2014 12:41 PM

Insted for ssh what other option? o some type of VPN?

 

Thanks

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to opnineopnine

‎12-03-2014 11:44 PM

Well, you have to use either SSH, ASDM, Telnet or a console cable (directly connected) to manage the ASA.  Telnet is not a secure protocol and is not permitted to connect to the ASA on an interface that has a security level of 0.

So your most secure method of administering the ASA is to connect to VPN and then connect to the ASA using one of the methods.

--

Please remember to select a correct answer and rate helpfull posts

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card