
Management-Access in ASA

fatalXerror
Level 5

Hi, does anyone here have experience accessing their ASA firewall (ASDM/SSH) from the inside interface, but with the user coming from the outside interface of the ASA? I see some use cases using management-access, but they use a VPN tunnel. Can it be done without using a tunnel? Thanks

3 Accepted Solutions


balaji.bandi
Hall of Fame

If you would like to give access from outside, you can use the commands below:

http 0.0.0.0 0.0.0.0 outside  < this will allow any IP; you can be more granular by specifying a known IP address, if any
ssh x.x.x.x y.y.y.y outside  < change the IP and subnet

BB
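
An added example, not part of the original post and not Cisco tooling: a small Python check that reads ASA `http`/`ssh`/`telnet` management rules and flags those whose source is any address, or a wide range, on an interface treated as untrusted. The sample config is constructed, and the function name `audit_mgmt_rules`, the choice of `outside` as the untrusted interface and the /24 threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample of ASA running-config lines (not from the thread's device).
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
ssh 203.0.113.10 255.255.255.255 outside
ssh 198.51.100.0 255.255.252.0 outside
ssh timeout 10
telnet 0.0.0.0 0.0.0.0 inside
"""

# <service> <address> <netmask> <interface>; lines such as "ssh timeout 10"
# or "http server enable" do not match and are skipped.
RULE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_mgmt_rules(config, untrusted=("outside",), min_prefix=24):
    """Return (severity, line) findings for management rules on untrusted interfaces.

    min_prefix is an assumed policy threshold: sources wider than /24 are
    reported as BROAD, and 0.0.0.0 0.0.0.0 is reported as ANY.
    """
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue
        _service, addr, mask, ifname = m.groups()
        if ifname not in untrusted:
            continue
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(("INVALID", line))  # bad octet or non-contiguous mask
            continue
        if net.prefixlen == 0:
            findings.append(("ANY", line))
        elif net.prefixlen < min_prefix:
            findings.append(("BROAD", line))
    return findings


if __name__ == "__main__":
    for severity, line in audit_mgmt_rules(SAMPLE_CONFIG):
        print(f"{severity}: {line}")
```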


Hi @fatalXerror 

You can only connect from the ASA's interface through to its inside interface for management purposes (ssh, https, icmp) when coming via a VPN (RAVPN or L2L) if you have the "management-access <int>" command configured. In your scenario, without a VPN, this will not work.

HTH

To access the ASA via the inside interface you need to either be on the inside of the network (management traffic is entering the inside interface) or via a VPN.  You do not have any other option.

--
Please remember to select a correct answer and rate helpful posts


8 Replies


Hi @balaji.bandi, but what if the customer does not want access from the outside interface and instead wants to do it on the inside interface, is there any way? We do not have any OOB network; that's why I did not use the mgmt interface of the ASA. Thank you

You need to think of another option, like a VPN coming in to manage the ASA; that is the option I can think of, or any jump box for full controller IP to access management access.

BB



Hi @Rob Ingram, thank you for your feedback. Is there any other way for me to access via the inside interface? Thank you.


Hi All, okay thank you so much for all of the help.

Set up Remote Access VPN, configure the command I provided, and then you can manage the ASA on the inside interface.
