Configure ASA to only allow administration from specific hosts

Short and sweet:  We have an ASA that we want to limit the ability to access from other devices.  We don't want anyone to be able to access the ASDM or the CLI from the interface leading to the external router, we do want them to be able to access the ASDM and CLI from the interface leading into the internal network.  

If I had a lab firewall, I'd play around with it till I got it, but all we have is the production firewall and I don't want to risk shutting down the entire datacenter because I told the ASA to not accept traffic from the router.
Who is Participating?
Don JohnstonConnect With a Mentor InstructorCommented:
http inside
ssh inside
Going further on the comment above you need to structure the command as above,

HTTP - This allows HTTPS connections on port TCP/443 to access the ASA - so this covers ASDM. SSH allows access on port TCP/22

IP and Subnet - This is the subnet you want to allow access, or host by simply changing the subnet, for example gives all of the - 254 gives the one host access

Inteface - this is the name of the interface you will be accessing the ASA from, so if you use the management interfaces, specify the management interface name you can do this by looking in the config at the "nameif" field of the interface configuration.

So in full

<service> <ip address> <mask> <nameif>
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.