Need help securing ASDM for Cisco Firewall?

Unanswered Question
Sep 29th, 2010


Good evening


We currently have a Cisco ASA firewall with ASDM enabled for SSH, Telnet and HTTP. We have installed our own SSL cert on the device, which works fine.


However, really we don't want the firewall to be accessible for other users via HTTP; going to the IP address should not return anything.


We access the firewall via the ASDM application installed on our machines. I don't think we can simply disable HTTP for management, as I think this disables the ASDM application remotely.


The firewall is with our hosting company, so we need to be able to manage it remotely via the ASDM management tool. As we are not experts, we would prefer sticking with the GUI.


Any recommendations?


Thanks


Shane

mirober2 (Cisco Employee) Wed, 09/29/2010 - 11:42

Hi Shane,


You can do this from the Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH tab. Just make sure your entries for ASDM/HTTPS only contain IP addresses for devices you want to be able to manage the firewall. Anyone not in that list will be blocked from accessing ASDM.


Hope that helps.


-Mike

ShaneOsborne Wed, 09/29/2010 - 12:22

Hi Mike


I cannot really do this as our company has a dynamic IP for external access and also I need to be able to configure it from my laptop when on the move.


Any other ideas?


Thanks


Shane

mirober2 (Cisco Employee) Wed, 09/29/2010 - 12:36

Hi Shane,


It's a bit more involved, but you could set up a remote access VPN and set up ASDM to only allow external access to the IPs in the VPN pool. This way, you can provide the remote access credentials only to the administrators who should access the firewall.


Other than that, your best bet would be to do what Collin suggested and set up different user accounts with different privilege levels.


Hope that helps.


-Mike
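
An added example, not part of the thread: a short Python check for the approach Mike describes in his two replies, restricting the ASDM/HTTPS (and SSH/Telnet) source entries to a known range such as a VPN pool. It parses the `http`/`ssh`/`telnet` source lines of a saved ASA configuration and reports any source outside the allowed networks; the sample configuration and the 10.99.0.0/24 pool are constructed for illustration, and only IPv4 entries are handled.

```python
import ipaddress
import re

# Constructed sample of ASA management-access lines (not taken from the thread).
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.99.0.0 255.255.255.0 outside
ssh 203.0.113.0 255.255.255.0 outside
ssh 10.99.0.10 255.255.255.255 outside
ssh timeout 5
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
"""

# Matches "<service> <ip> <mask> <interface>"; lines such as
# "http server enable" or "ssh timeout 5" do not match and are skipped.
RULE = re.compile(
    r"^(http|ssh|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def parse_rules(config):
    """Yield (service, network, interface) for each IPv4 management-access line."""
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            service, addr, mask, ifname = m.groups()
            yield service, ipaddress.ip_network(f"{addr}/{mask}", strict=False), ifname


def audit(config, allowed):
    """Return findings for sources not contained in any allowed network."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for service, net, ifname in parse_rules(config):
        if service == "telnet":
            # Telnet carries credentials in cleartext whatever the source range.
            findings.append((service, str(net), ifname, "cleartext protocol"))
        elif not any(net.subnet_of(a) for a in allowed_nets):
            findings.append((service, str(net), ifname, "source outside allowed pool"))
    return findings


if __name__ == "__main__":
    # Hypothetical VPN address pool; substitute the pool configured on the device.
    for finding in audit(SAMPLE_CONFIG, ["10.99.0.0/24"]):
        print(*finding)
```
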

Collin Clark Wed, 09/29/2010 - 11:42

Shane-


You can create admin only accounts on the firewall. That won't prevent users from trying to access the site, but it will prevent actual logins and log people that are trying to access the system.

ShaneOsborne Wed, 09/29/2010 - 12:26

This is what we currently have, but really I am not happy with this as an option.


Thanks


Shane
