02-14-2009 10:56 PM
We have several ASA 5520s that are only accessible by 1 of 2 methods:
1. Through the outside interface, using only SSH.
2. Through the inside interface, but having to hop through an internal routing device (usually a 2800 series router). Telnet, SSH, and SNMP are all available through this device.
My 2 questions:
1. Can the ASAs be managed using SSH only, or is SNMP required?
2. Is there a way to have CiscoWorks hop through one of the 2800s to manage the ASA?
Thx.
02-15-2009 05:24 AM
Hi!
I think that it is not possible to tell CiscoWorks to hop through a router to the ASA.
And for managing the devices you have to use SNMP. Without it, it isn't possible, I think.
But you can use an ACL to allow SNMP only for the IP of CiscoWorks.
02-15-2009 09:48 AM
Thanks Sven. That's an idea. I would like to use SNMP on the outside, but version 2 is not secure. The ASAs don't do version 3 as far as I know. Maybe we'll build a VPN tunnel and make it secure.