09-29-2010 11:37 AM - edited 03-11-2019 11:47 AM
Good evening
We currently have a Cisco ASA firewall with ASDM enabled for SSH, Telnet and HTTP. We have installed our own SSL cert on the device, which works fine.
However, really we don't want the firewall to be accessible for other users via HTTP; going to the IP address should not return anything.
We access the firewall via the ASDM application installed on our machines. I don't think we can simply disable HTTP for management, as I think this disables the ASDM application remotely.
The firewall is with our hosting company, so we need to be able to manage it remotely via the ASDM management tool. As we are not experts, we would prefer sticking with the GUI.
Any recommendations?
Thanks
Shane
09-29-2010 11:42 AM
Hi Shane,
You can do this from the Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH tab. Just make sure your entries for ASDM/HTTPS only contain IP addresses for devices you want to be able to manage the firewall. Anyone not in that list will be blocked from accessing ASDM.
Hope that helps.
-Mike
09-29-2010 12:22 PM
Hi Mike
I cannot really do this, as our company has a dynamic IP for external access and I also need to be able to configure it from my laptop when on the move.
Any other ideas?
Thanks
Shane
09-29-2010 12:36 PM
Hi Shane,
It's a bit more involved, but you could set up a remote access VPN and set up ASDM to only allow external access to the IPs in the VPN pool. This way, you can provide the remote access credentials only to the administrators who should access the firewall.
Other than that, your best bet would be to do what Collin suggested and set up different user accounts with different privilege levels.
Hope that helps.
-Mike
09-29-2010 11:42 AM
Shane-
You can create admin only accounts on the firewall. That won't prevent users from trying to access the site, but it will prevent actual logins and log people that are trying to access the system.
09-29-2010 12:26 PM
This is what we currently have, but really I am not happy with this as an option.
Thanks
Shane