
ASA access from the outside

Bart Kersten
Level 1

Hi,

I have some questions about making an ASA accessible from the outside. At our clients we want to make the ASAs accessible from the outside so if the VPN tunnel goes down for any reason we are still able to access the ASA from the outside with https and ssh.

At the moment we have 1 management pc with a fixed IP that can access all the branch ASAs, so only 1 IP address has the ability to access the ASAs from the outside.

I would really appreciate some advice on how I can secure this the best way? Are there other things I really need to do to make this secure, or is it already secured since only 1 IP address can access the ASAs?

I really would appreciate some advice on how to implement this the correct way.

Thanks in advance!

Sent from Cisco Technical Support iPhone App


varrao
Level 10

Hi Bart,

Yes, it can be done for a specific IP on the outside interface; you would need this:

ssh MGMT_IP NETMASK outside

http MGMT_IP NETMASK outside

This would give you access only for one IP.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC
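
An added example, not part of the original posts and not Cisco's code: a Python check that reads an ASA running-config and confirms that `ssh` and `http` management access on the outside interface is limited to the single management host the thread describes. The function name, the sample config and the 203.0.113.x / 198.51.100.x documentation addresses are constructed for illustration.

```python
import ipaddress
import re

# Matches management-access lines such as "ssh 203.0.113.10 255.255.255.255 outside".
# Settings like "ssh timeout 5" or "http server enable" do not match.
MGMT_LINE = re.compile(
    r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$"
)

def audit_mgmt_access(config, allowed_hosts, iface="outside"):
    """Return a list of findings for ssh/http access entries on `iface`."""
    allowed = {ipaddress.ip_address(h) for h in allowed_hosts}
    findings, seen = [], set()
    for raw in config.splitlines():
        m = MGMT_LINE.match(raw.strip())
        if not m or m.group(4) != iface:
            continue  # other interfaces and unrelated settings are out of scope
        proto, addr, mask, _ = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net.prefixlen != 32:
            # Anything wider than a host mask exposes the login prompt to a range.
            findings.append(
                f"{proto} open to {net.num_addresses} addresses on {iface}: {net}")
        elif net.network_address not in allowed:
            findings.append(
                f"{proto} allowed from unexpected host {net.network_address}")
        else:
            seen.add((proto, net.network_address))
    # Each management host should have both an ssh and an http (HTTPS) entry.
    for host in sorted(allowed):
        for proto in ("ssh", "http"):
            if (proto, host) not in seen:
                findings.append(f"no {proto} entry for management host {host}")
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = """\
http server enable
ssh timeout 5
ssh 203.0.113.10 255.255.255.255 outside
http 203.0.113.10 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.0 255.255.255.0 outside
ssh 192.168.1.0 255.255.255.0 inside
"""

if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE, ["203.0.113.10"]):
        print(finding)
```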


Bart Kersten
Level 1

Hi,

Thanks for your quick reply!

I'm sorry if I was not clear, but I already knew how to do that, and it's working this way.

My question was, is this secure? Or do I need to implement some other features like ACLs etc.? I would like some advice on if it's safe or not, and if not, how can I make it more secure!

Thanks!

Sent from Cisco Technical Support iPhone App

Hi Bart,

This is secure, since you are opening access for only one particular machine on the outside. All other requests would be denied by the ASA; you don't need any access-list for it. Since the HTTPS and SSH access are secure connections, it would not be any threat to you.

Thanks,
Varun Rao
Security Team,
Cisco TAC


Bart Kersten
Level 1

Hi,

That's what I thought, glad you could confirm this for me!

Thanks a lot!

Sent from Cisco Technical Support iPhone App

Thanks Bart, let me know if you have any questions. You can also mark this thread as answered so that it can help others as well.

Thanks,
Varun Rao
Security Team,
Cisco TAC
