Managing ASA's the hard way

Unanswered Question
Feb 14th, 2009

We have several ASA 5520's that are only accessible by 1 of 2 methods:

1. Through the outside interface, using only SSH.

2. Through the inside interface, but having to hop through an internal routing device (usually a 2800 series router). Telnet, SSH, SNMP are all available through this device.

My 2 questions:

1. Can the ASA's be managed using SSH only, or is SNMP required?

2. Is there a way to have CiscoWorks hop through one of the 2800's to manage the ASA?


Sven Hruza Sun, 02/15/2009 - 05:24


I think that it is not possible to tell CiscoWorks to hop through a router to the ASA.

And for managing the devices you have to use SNMP. Without it, it isn't possible, I think.

But you can use an ACL to allow SNMP only for the IP of CiscoWorks.

tim.banic Sun, 02/15/2009 - 09:48

Thanks Sven. That's an idea. I would like to use SNMP on the outside, but version 2 is not secure. The ASA's don't do version 3 as far as I know. Maybe we'll build a VPN tunnel and make it secure.

