Ian Arakel
asked on
Manage ASA using outside IP
We are performing an S2S tunnel creation activity on one of our remote-location ASAs.
To ensure we do not lose access to the ASA, we need to permit HTTP/SSH management access on the outside interface from our selected offices' PAT IPs to this firewall.
Kindly suggest on the same.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So what SIM50 said will do it, but just to make sure you understand: for security reasons you would use the public PAT address of your ASA with a 255.255.255.255 mask instead of 192.168.1.0 255.255.255.0. That will lock it down so that only devices PAT'ing through your ASA will be able to make the connection.
ASKER
Hi experts,
Is that the only configuration needed?
I am unable to HTTP into the device with the same config.
After you've done all the config, do
wr
or else your config will be erased on the next reboot.
ASKER
Hi There,
Below is the HTTP config.
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http redirect inside 80
Still it does not work.
ASKER
Hi Team,
The catch out here is that we can access via HTTP from inside but not from outside.
Also, you are not port forwarding HTTPS to any other server/service from the outside interface, are you?
Yeah, Pete has a good point.
He probably has SSL VPN configured. Try adding /admin to the URL in ASDM.
ASKER
Hi there,
This was something strange.
There is no port forwarding configured.
The issue we observed is that HTTPS was not working from a specific location but was working from the rest.
@SIM50:
Does SSL VPN interfere with the HTTPS/SSH configuration to allow users from outside?
With the HTTPS configuration only, because the same port is used for both VPN and ASDM connections. You can either add /admin to the URL or reconfigure ASDM to work on a different port.
http server enable 4443
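An added example, not part of the thread and not any poster's configuration: the open "http 0.0.0.0 0.0.0.0 outside" entry shown earlier beside a restricted form that combines the host-mask advice and the separate ASDM port suggested above. 203.0.113.10 and 198.51.100.25 are constructed placeholders for the offices' PAT addresses, and the account name and password are placeholders; local authentication is an assumption.

```cisco
! Added example. 203.0.113.10 and 198.51.100.25 are constructed placeholders
! for the offices' public PAT addresses; substitute the real ones.

! Weak: any source address may reach ASDM/HTTPS on the outside interface.
!   http 0.0.0.0 0.0.0.0 outside
no http 0.0.0.0 0.0.0.0 outside

! ASDM on its own port, so it does not share 443 with SSL VPN on outside.
http server enable 4443

! One host entry (255.255.255.255 mask) per permitted office PAT address.
http 203.0.113.10 255.255.255.255 outside
http 198.51.100.25 255.255.255.255 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh 198.51.100.25 255.255.255.255 outside

! SSH needs an RSA key pair and an authentication method.
crypto key generate rsa modulus 2048
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
! Placeholder account (assumption: local authentication is used).
username <admin-user> password <strong-password> privilege 15

! Verify the permitted sources, then save so the change survives a reboot.
show running-config http
show running-config ssh
write memory
```

With this port setting, ASDM is reached at https://<outside address>:4443 from the permitted addresses only.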