04-15-2009 01:17 PM - edited 03-11-2019 08:19 AM
Hi,
I was just wondering about best practices when it comes to remote administration of the ASA.
It appears that SSH is the best option, but the one thing that bugs me is that I would have to allow SSH access on the outside interface for all IPs since I don't ever know from where I may need access to it.
Any suggestions on how this is normally done? I am not comfortable with the above solution since technically I am allowing somebody to use brute force attacks for as long as they want (unless there are options which can be configured to prevent this).
Any help will be appreciated.
thanks
04-15-2009 02:17 PM
You can use webvpn; from within webvpn you can RDP to an internal system and use SSH or ASDM or even telnet sessions. Webvpn is SSL based and it is secure, and you do not have to do any any for SSH on the outside interface.
regards
04-17-2009 06:14 AM
If you only want to manage your ASA, try to configure an RA VPN and allow connection to your Inside interface using
management-access Inside
You can now connect via VPN and directly SSH to your Inside IP address.
HTH Michael
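As an added example, not part of the reply above: an ASA configuration sketch of the approach it describes, with SSH closed on the outside interface and permitted only from the VPN address pool through the inside interface. The interface names `inside` and `outside`, the pool name and the 192.168.50.0/24 range are assumptions, and the remote-access VPN itself is assumed to be configured already.

```cisco
! Added example; addresses, pool name and interface names are constructed placeholders.

! Weak setting the original question is worried about: SSH open to any
! source on the outside interface. Remove it if present.
no ssh 0.0.0.0 0.0.0.0 outside

! Address pool handed to remote-access VPN clients (assumed name and range).
ip local pool VPN-ADMIN-POOL 192.168.50.1-192.168.50.20 mask 255.255.255.0

! Let traffic arriving through the VPN tunnel reach the ASA's own inside
! interface address for management.
management-access inside

! Accept SSH on the inside interface only from the VPN pool.
ssh 192.168.50.0 255.255.255.0 inside

! Drop idle SSH sessions after 10 minutes.
ssh timeout 10

! Authenticate SSH logins against the local user database.
aaa authentication ssh console LOCAL
```

With this in place, `show running-config ssh` should list only the VPN pool entry on `inside` and nothing for `outside`.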
04-17-2009 06:19 AM
Well, this is the thing: I already do all these things, but every once in a while my end users (mostly C-level) call me and tell me they can't log in through VPN or webVPN. Something goes haywire and then obviously I can't log on using these methods as well.
So I thought maybe I could use SSH and try to reach the ASA that way from outside. I am not sure if the 5510 supports any kind of out-of-band access methods. I am pretty sure that ours doesn't since we have a very basic setup.
thanks