Solved

Configure Remote access to ASA 5505 from outside

Posted on 2014-07-26
9
332 Views
Last Modified: 2014-08-24
I want to be able to create a policy that allows me to access my home ASA from the outside. I have a static address. Is there a way to set it up so that I can navigate to the ip address followed by the port number?

I would like to do it via ASDM if possible.

Thanks
0
Comment
Question by:vmagan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40221785
What type of acces. Ssh Telnet VPN .?

Post your config
0
 
LVL 6

Author Comment

by:vmagan
ID: 40221855
I want https access
0
 
LVL 6

Assisted Solution

by:Matt
Matt earned 250 total points
ID: 40222367
What would you like to do with https access?

Normally, https is used on ASA to access VPN using CISCO AnyConnect (SSL VPN)...and if you have only one IP address, you will not be able to publish your service on SSL port except if you will listen on non-default port...

One IP with SSL = SSL VPN access
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 250 total points
ID: 40222409
Post you current running config so we can take a look

I again will ask what are you trying to do?

If you need to just access the asa5505 to configure it remotely then you just need ssl or telnet setup.

As Matt said above HTTPS is used for VPN using anyconnect

You do not need anyconnect you can set up PPTP VPN which from a Windows 7 or 8 just setup the standard VPN connection and it works .

Once you are connected using VPN then you can Telnet SSH even use ASDM

Post the config
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40222706
Mmm, the problem with allowing HTTPS access to the ASDM ot via telnet, is how do you know what IP address you will be accessing it from?

Connecting to and Managing Cisco Firewalls

A Better approach would be to setup AnyConnect, then allow management to the the remote subnet and ad a 'management access inside' command to the config.

Regards,

Pete
0
 
LVL 6

Author Comment

by:vmagan
ID: 40222811
I'll post config when I get back. I already have vpn setup but wanted to by pass vpn and connect directly to my firewall so that I can manage it remotely.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 40222884
You really do not want to do that if you do that you leave your router wide open to attacks

VPN is the best and most secure method of connecting to your network.

Exposure like your are asking for is not good practice.

Still would like to see your config when you can post it
0
 
LVL 1

Expert Comment

by:mcammidge
ID: 40225380
If you have a static IP at the remote location (I.e. where you would be connecting from) this is easy enough to do by running the following command

http server <your-static-ip> <your-net-mask> outside

(this assumes other HTTP commands are already present) and "outside" is the named interface for your WAN interface.

if you are on a dynamic or want access from multiple locations I'd go with the other expert's and trust a VPN.
0
 
LVL 6

Author Closing Comment

by:vmagan
ID: 40281719
Went with the vpn. Thanks
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5506 blocks telnet 11 64
Draytek (Site to Site VPN using IPSec) 6 103
upgrade Cisco Aironet AP 3 43
Check Spoof email 6 70
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question