05-29-2012 12:09 PM - edited 03-11-2019 04:12 PM
Hi,
I have some questions about making an ASA accessible from the outside. At our clients we want to make the ASAs accessible from the outside so if the VPN tunnel goes down for any reason we are still able to access the ASA from the outside with https and ssh.
At the moment we have 1 management PC with a fixed IP which can access all the branch ASAs, so only 1 IP address has the ability to access the ASAs from the outside.
I would really appreciate some advice on how I can secure this the best way. Are there other things I really need to do to make this secure, or is it already secured since only 1 IP address can access the ASAs?
I really would appreciate some advice on how to implement this the correct way.
Thanks in advance!
Sent from Cisco Technical Support iPhone App
05-29-2012 12:22 PM
Hi Bart,
Yes, it can be done for a specific IP on the outside interface, you would need this:
ssh
http
This would give you access only for one ip.
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC
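The following is an added example, not part of the original thread or Cisco's own tooling: a small audit that reads an ASA running-config and flags `ssh`/`http` management rules on the outside interface that allow anything other than the approved management host. It assumes the `ssh|http <address> <netmask> <interface>` rule form; the function name, the sample config and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
http server enable
http 203.0.113.10 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
ssh 203.0.113.10 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.0 255.255.255.0 outside
ssh timeout 5
"""

# Matches "<proto> <address> <netmask> <interface>" management-access rules only.
RULE = re.compile(
    r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)


def audit_mgmt_access(config, allowed_hosts, untrusted_if="outside"):
    """Return (line, reason) findings for management rules on the untrusted interface."""
    allowed = {ipaddress.ip_address(h) for h in allowed_hosts}
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue  # other settings, e.g. "ssh timeout 5" or "http server enable"
        _proto, addr, mask, iface = m.groups()
        if iface != untrusted_if:
            continue  # only rules on the untrusted interface are in scope
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line, "unparseable address/netmask"))
            continue
        if net.prefixlen != 32:
            findings.append((line, f"source is a /{net.prefixlen} network, not a single host"))
        elif net.network_address not in allowed:
            findings.append((line, "host is not an approved management station"))
    return findings


if __name__ == "__main__":
    for line, reason in audit_mgmt_access(SAMPLE_CONFIG, ["203.0.113.10"]):
        print(f"{line!r}: {reason}")
```

Run against a saved copy of each branch ASA's configuration, an empty result means outside management access is limited to the listed host or hosts.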
05-29-2012 12:26 PM
Hi,
Thanks for your quick reply!
I'm sorry if I was not clear, but I already knew how to do that, and it's working this way.
My question was, is this secure? Or do I need to implement some other features like ACLs etc.? I would like some advice on if it's safe or not, and if not, how can I make it more secure!
Thanks!
Sent from Cisco Technical Support iPhone App
05-29-2012 01:15 PM
Hi Bart,
This is secure, since you are opening access for only one particular machine on the outside. All other requests would be denied by the ASA; you don't need any access-list for it. Since the HTTPS and SSH access are secure connections, it would not be any threat to you.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-29-2012 01:23 PM
Hi,
That's what I thought, glad you could confirm this for me!
Thanks a lot!
Sent from Cisco Technical Support iPhone App
05-29-2012 01:27 PM
Thanks Bart, let me know if you have any questions. You can also mark this thread as answered so that it can help others as well.
Thanks,
Varun Rao
Security Team,
Cisco TAC