Solved

Configure Remote access to ASA 5505 from outside

Posted on 2014-07-26
9
317 Views
Last Modified: 2014-08-24
I want to be able to create a policy that allows me to access my home ASA from the outside. I have a static address. Is there a way to set it up so that I can navigate to the ip address followed by the port number?

I would like to do it via ASDM if possible.

Thanks
0
Comment
Question by:vmagan
9 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40221785
What type of acces. Ssh Telnet VPN .?

Post your config
0
 
LVL 6

Author Comment

by:vmagan
ID: 40221855
I want https access
0
 
LVL 6

Assisted Solution

by:Matt
Matt earned 250 total points
ID: 40222367
What would you like to do with https access?

Normally, https is used on ASA to access VPN using CISCO AnyConnect (SSL VPN)...and if you have only one IP address, you will not be able to publish your service on SSL port except if you will listen on non-default port...

One IP with SSL = SSL VPN access
0
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 250 total points
ID: 40222409
Post you current running config so we can take a look

I again will ask what are you trying to do?

If you need to just access the asa5505 to configure it remotely then you just need ssl or telnet setup.

As Matt said above HTTPS is used for VPN using anyconnect

You do not need anyconnect you can set up PPTP VPN which from a Windows 7 or 8 just setup the standard VPN connection and it works .

Once you are connected using VPN then you can Telnet SSH even use ASDM

Post the config
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 57

Expert Comment

by:Pete Long
ID: 40222706
Mmm, the problem with allowing HTTPS access to the ASDM ot via telnet, is how do you know what IP address you will be accessing it from?

Connecting to and Managing Cisco Firewalls

A Better approach would be to setup AnyConnect, then allow management to the the remote subnet and ad a 'management access inside' command to the config.

Regards,

Pete
0
 
LVL 6

Author Comment

by:vmagan
ID: 40222811
I'll post config when I get back. I already have vpn setup but wanted to by pass vpn and connect directly to my firewall so that I can manage it remotely.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40222884
You really do not want to do that if you do that you leave your router wide open to attacks

VPN is the best and most secure method of connecting to your network.

Exposure like your are asking for is not good practice.

Still would like to see your config when you can post it
0
 
LVL 1

Expert Comment

by:mcammidge
ID: 40225380
If you have a static IP at the remote location (I.e. where you would be connecting from) this is easy enough to do by running the following command

http server <your-static-ip> <your-net-mask> outside

(this assumes other HTTP commands are already present) and "outside" is the named interface for your WAN interface.

if you are on a dynamic or want access from multiple locations I'd go with the other expert's and trust a VPN.
0
 
LVL 6

Author Closing Comment

by:vmagan
ID: 40281719
Went with the vpn. Thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now