Ian Arakel

asked on

Manage ASA using outside IP

We are performing an S2S tunnel creation activity on one of our remote location ASAs.
To ensure we do not lose access to the ASA, we need to permit HTTP/SSH management access on the outside interface from our selected offices' PAT IPs to this firewall.

Kindly suggest on the same.
SOLUTION
SIM50
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ken Boone
So what SIM50 said will do it, but just to make sure you understand: for security reasons you would use the public PAT address of your ASA with a 255.255.255.255 mask instead of 192.168.1.0 255.255.255.0. That will lock it down so that only devices PAT'ing through your ASA will be able to make the connection.
Ian Arakel

ASKER

Hi experts,

Is that the only configuration needed?
I am unable to HTTP into the device with the same config.
After you've done all the config, do

wr

or else your config will be erased on the next reboot.

Hi There,

Below is the HTTP config.

http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http redirect inside 80

Still it does not work.

Hi Team,

The catch out here is that we can access via HTTP from inside but not from outside.
Also, you are not port forwarding HTTPS to any other server/service from the outside interface, are you?

Yeah, Pete has a good point.
He probably has SSL VPN configured. Try to add /admin to the URL in ASDM.

Hi there,

This was something strange.
There is no port forwarding configured.
The issue we observed is that HTTPS was not working from a specific location but was working from the rest.

@SIM50:
Does SSL VPN interfere with the HTTPS/SSH configuration to allow users from outside?

With the HTTPS configuration only, because the same port is used for both VPN and ASDM connections. You can either add /admin to the URL or reconfigure ASDM to work on a different port.
http server enable 4443
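
An added example, not part of the thread: a small Python audit that applies the two points raised above to a saved ASA configuration. It checks that management entries on the outside interface are /32 host entries, and that ASDM does not share port 443 with SSL VPN on that interface. The function name, the sample config, the `webvpn` block and the 203.0.113.10 documentation address are constructed for illustration.

```python
import ipaddress
import re

# "http <ip> <mask> <ifname>" / "ssh <ip> <mask> <ifname>" management-access lines
MGMT_RE = re.compile(r"^(http|ssh)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
# "http server enable [port]"; the ASA listens on 443 when no port is given
SERVER_RE = re.compile(r"^http server enable(?:\s+(\d+))?\s*$")


def audit_asa_mgmt(config_text, untrusted_if="outside", max_hosts=1):
    """Return findings for management access exposed on untrusted_if."""
    findings = []
    asdm_port, in_webvpn, vpn_on_if = None, False, False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        # Track the "webvpn" sub-mode: indented lines belong to the current block
        if not raw.startswith(" "):
            in_webvpn = line == "webvpn"
        elif in_webvpn and line.strip() == f"enable {untrusted_if}":
            vpn_on_if = True
        m = SERVER_RE.match(line)
        if m:
            asdm_port = int(m.group(1) or 443)
        m = MGMT_RE.match(line)
        if m and m.group(4) == untrusted_if:
            proto, addr, mask = m.group(1), m.group(2), m.group(3)
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if net.num_addresses > max_hosts:
                findings.append(f"{proto} on {untrusted_if} allows {net} "
                                f"({net.num_addresses} addresses), expected a /32 host entry")
    if vpn_on_if and asdm_port == 443:
        findings.append(f"ASDM and SSL VPN both listen on 443 on {untrusted_if}; "
                        "use the /admin URL or move ASDM to another port")
    return findings


# Constructed sample: the wide-open http entries posted in the thread, plus an
# assumed webvpn block and a /32 ssh entry using a documentation address.
SAMPLE = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
ssh 203.0.113.10 255.255.255.255 outside
webvpn
 enable outside
"""
```

Running `audit_asa_mgmt(SAMPLE)` reports the `0.0.0.0 0.0.0.0` entry on outside and the shared port; a config with host-mask entries and `http server enable 4443` returns no findings.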