Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
703
Views
4
Helpful
5
Replies

Can not manage ASA5505 Device from Outside NW using TELENT or WEB..........

Dipesh Patel
Level 2
Level 2

‎02-21-2008 01:32 AM - edited ‎03-11-2019 05:05 AM

Dear all,

I can not access telnet or http from outside......

I m trying to accesstelnet or http using IP

10.5.213.22

Working Running Config is life this .....

sh run

: Saved

:

ASA Version 7.2(2)

!

hostname ABB-ASA5505

domain-name cisco.com

enable password xxx

names

!

interface Vlan1

nameif inside

security-level 100

ip address 172.5.200.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 10.5.213.30 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd xxx

ftp mode passive

clock timezone IST 5 30

dns server-group DefaultDNS

domain-name cisco.com

access-list inside_access_in extended permit ip host 172.5.200.2 host 10.5.161.16

access-list outside_access_in extended permit ip host 10.5.161.16 host 10.5.213.21

access-list outside_access_in extended permit ip host 10.5.161.16 host 10.5.213.22

pager lines 24

logging enable

logging buffered debugging

logging asdm informational

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

static (inside,outside) 10.5.213.21 172.5.200.2 netmask 255.255.255.255

static (inside,outside) 10.5.213.22 172.5.200.1 netmask 255.255.255.255

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 10.5.213.35 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http 172.5.200.2 255.255.255.255 inside

http 10.5.161.16 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet 172.5.200.2 255.255.255.255 inside

telnet 10.5.161.16 255.255.255.255 outside

telnet timeout 5

ssh timeout 5

console timeout 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect icmp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:xxx

: end

ABB-ASA5505#

Pls help

Labels:
0 Helpful
5 Replies 5

m.sir
Level 7
Level 7

‎02-21-2008 03:52 AM

You need permit telnet/web access for 10.5.213.22

with commands

telnet 10.5.213.22 255.255.255.255 outside

http 10.5.213.22 255.255.255.255 outside

M.

Dipesh Patel
Level 2
Level 2
In response to m.sir

‎02-22-2008 12:50 AM

Dear,

10.5.161.16 is my outside NW PC from where I need to access ASA device.

10.5.213.22 is mapped address for 172.5.200.1 ( Vlan 1 interface - Inside nw Address ).

I have given access for telnet and web but it's not working even I can not ping 10.5.213.22 from 10.5.161.16 ( outside )

0 Helpful

Harald-Norvik
Level 1
Level 1
In response to Dipesh Patel

‎02-22-2008 08:42 AM

No, you should not address translate the inside interface and connect to this from the outside.

Use the outside interface to connect to. There is no additional security by trying to pass through the ASA.

Test this:

ping the outside interface. If it answers, your routing is correct.

Then use https or telnet to this ip address. However, I would never configure telnet access on an outside interface. Use SSH instead!

You may get around this by using the command `management-access inside`, but I am not sure if you will actually get it working. This command is more intended to manage a firewall through a VPN tunnel.

Harald

0 Helpful

srue
Level 7
Level 7
In response to Harald-Norvik

‎02-22-2008 11:05 AM

PIX/ASA won't let you telnet to the outside interface unless it's over a VPN.

stick to SSH/HTTPS.

Make sure you generate your rsa keys.

0 Helpful

onlyabhishek007
Level 1
Level 1

‎03-07-2008 01:29 AM

u r not able to telnet the outside interface of the firewall use the ssh for the command line access.use the following command for access the web from outside

http 10.5.213.22 255.255.255.255 outside

ssh 10.5.213.22 255.255.255.255 outside

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card