Need help securing ASDM for Cisco Firewall?

ShaneOsborne
Level 1

Good evening

We currently have a Cisco ASA firewall with ASDM enabled for SSH, Telnet and HTTP. We have installed our own SSL cert on the device which works fine.

However really we don't want the firewall to be accessible for other users via HTTP; going to the IP address should not return anything.

We access the firewall via the ASDM application installed on our machines. I don't think we can simply disable HTTP for management as I think this disables the ASDM application remotely.

The firewall is with our hosting company, so we need to be able to manage it remotely via the ASDM management tool. As we are not experts we would prefer sticking with the GUI.

Any recommendations?

Thanks

Shane

5 Replies

mirober2
Cisco Employee

Hi Shane,

You can do this from the Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH tab. Just make sure your entries for ASDM/HTTPS only contain IP addresses for devices you want to be able to manage the firewall. Anyone not in that list will be blocked from accessing ASDM.

Hope that helps.

-Mike

Hi Mike

I cannot really do this as our company has a dynamic IP for external access and also I need to be able to configure it from my laptop when on the move.

Any other ideas?

Thanks

Shane

Hi Shane,

It's a bit more involved, but you could set up a remote access VPN and set up ASDM to only allow external access to the IPs in the VPN pool. This way, you can provide the remote access credentials only to the administrators who should access the firewall.

Other than that, your best bet would be to do what Collin suggested and set up different user accounts with different privilege levels.

Hope that helps.

-Mike
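For readers who would rather see the CLI behind the ASDM tab, here is an added illustration (not part of Mike's reply or Cisco documentation) of the two approaches above: restricting ASDM/HTTPS to known source addresses, and allowing only a remote-access VPN pool from the outside. All addresses, the pool name and the username are constructed; the VPN itself (tunnel-group, group-policy) is assumed to be configured separately.

```text
! Added example, not from the thread. Addresses and names are constructed.
!
! 1. Restrict ASDM/HTTPS to trusted management sources only.
!    Remove a catch-all entry if one exists, then list allowed networks.
!    Each "http" line is one permitted source network per interface.
http server enable
no http 0.0.0.0 0.0.0.0 outside
! internal admin LAN (constructed)
http 10.0.0.0 255.255.255.0 inside
!
! 2. Remote-access VPN alternative: administrators connect to the VPN,
!    receive an address from a dedicated pool, and only that pool may
!    reach ASDM on the outside interface. The pool must be bound to the
!    VPN tunnel-group/group-policy (assumed to exist, not shown here).
ip local pool ADMIN_POOL 192.168.100.1-192.168.100.10 mask 255.255.255.0
http 192.168.100.0 255.255.255.0 outside
!
! Apply the same source restriction to SSH and drop external Telnet.
ssh 10.0.0.0 255.255.255.0 inside
ssh 192.168.100.0 255.255.255.0 outside
no telnet 0.0.0.0 0.0.0.0 outside
!
! Local admin account (privilege 15) required for ASDM and SSH logins,
! matching Collin's suggestion of admin-only accounts.
username admin-shane password REPLACE_WITH_STRONG_PASSWORD privilege 15
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
!
! Verification: "show run http" and "show run ssh" should list only the
! trusted sources above; a browser from any other address gets no page.
```

Before saving, confirm the address you are currently managing from is still covered by one of the `http` lines, since a mistake here locks you out of ASDM.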

Collin Clark
VIP Alumni

Shane-

You can create admin only accounts on the firewall. That won't prevent users from trying to access the site, but it will prevent actual logins and log people that are trying to access the system.

This is what we currently have, but really I am not happy with this as an option.

Thanks

Shane
