remote ASA administration setup help

I have to setup an Cisco ASA 5506 for a remote site but unsure of how to do this so that I can remotely manage it. Can someone give me some guidance on how to accomplish this please? Thanks in advance..
Brian E.IT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Justin EvansCommented:
Hi,  

You need to enable SSH on the firewall,  

look at this example on mustbegeek.com

http://www.mustbegeek.com/configure-ssh-access-in-cisco-asa/

Kind Regards

Justin
0
Brian E.IT DirectorAuthor Commented:
hi Thanks for the response. I know how to do this if I know the network they are coming from (inside addr) but how do I do this if they are coming in from outside interface. Also how do I allow outside access to asdm?
0
Brian E.IT DirectorAuthor Commented:
Here is my dilemma... I have to basically set this firewall up and then ship it from Ohio to Phoenix. I've never setup a asa from scratch. I can handle this if I could be in Phoenix and get it setup with active interfaces but since I have to do this blindly and unable to test this I need some solid guidance on how to go about this.  

any suggestions would be greatly appreciated..
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

ArneLoviusCommented:
Enable local user authentication for SSH and ASDM

aaa authentication ssh console LOCAL
aaa authentication http console LOCAL

Determine your interface names

Use the following sample to setup SSH

ssh $network $subnetmask $interfacename
ssh timeout $timeout
ssh version 2

As an example for the inside interface with a 60 second timeout and allowing access from any network that can reach the inside interface

ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
ssh version 2

Use the following sample to setup ASDM

http server enable $port
http server idle-timeout $desiredtimeout
http $network $subnet $interfacename

As an example using port 8443, and configuring the inside interface with a 10 minute timeout and allowing access from any network that can reach the inside interface

http server enable 8443
http server idle-timeout 600
http 0.0.0.0 0.0.0.0 inside
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian E.IT DirectorAuthor Commented:
thank you, I will give this a shot. Also shouldn't the anyconnect client come on the internal flash. I am assuming that will be the best way of reaching the internal network from external?or should I be able to reach asdm from external network through https after the above example is set
0
ArneLoviusCommented:
To access the internal network, one can either use NAT rules, a remote access VPN or a site to site VPN, whichever is the most appropriate.

Presuming that you have a spare computer, you can always test access to ASDM locally on the WAN interface with a suitable addition to the config before shipping it.
0
Brian E.IT DirectorAuthor Commented:
Thanks to all that helped
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.