ASA access from the outside

Hi,

I have some questions about making an ASA accessible from the outside. At our clients we want to make the ASAs accessible from the outside so that if the VPN tunnel goes down for any reason we are still able to access the ASA from the outside with HTTPS and SSH.

At the moment we have 1 management PC with a fixed IP that can access all the branch ASAs, so only 1 IP address has the ability to access the ASAs from the outside.

I would really appreciate some advice on how I can secure this the best way. Are there other things I really need to do to make this secure, or is it already secured since only 1 IP address can access the ASAs?

I really would appreciate some advice on how to implement this the correct way.

Thanks in advance!

Sent from Cisco Technical Support iPhone App

5 REPLIES
Red

ASA access from the outside

Hi Bart,

Yes, it can be done for a specific IP on the outside interface. You would need this:

ssh <ip-address> <mask> outside

http <ip-address> <mask> outside

This would give you access only for one IP.

Hope that helps.

Thanks,
Varun Rao
Security Team,
Cisco TAC
New Member

Re: ASA access from the outside

Hi,

Thanks for your quick reply!

I'm sorry if I was not clear, but I already knew how to do that, and it's working this way.

My question was, is this secure? Or do I need to implement some other features like ACLs etc.? I would like some advice on whether it's safe or not, and if not, how I can make it more secure!

Thanks!

Sent from Cisco Technical Support iPhone App

Red

ASA access from the outside

Hi Bart,

This is secure, since you are opening access for only one particular machine on the outside. All other requests would be denied by the ASA; you don't need any access-list for it. Since the HTTPS and SSH access are secure connections, it would not be any threat to you.

Thanks,
Varun Rao
Security Team,
Cisco TAC
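
One way to verify across many branch ASAs that outside management access really is limited to the single management PC, as an added example that is not part of the original thread: the script below parses `ssh`/`http` management-access lines from a saved configuration and reports any rule on the outside interface that is not a /32 for an approved host. The sample configuration, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of ASA management-access lines (not taken from the thread).
SAMPLE_CONFIG = """\
ssh 198.51.100.10 255.255.255.255 outside
http 198.51.100.10 255.255.255.255 outside
ssh 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
ssh timeout 10
http server enable
"""

# Matches "<ssh|http> <address> <mask> <interface>"; other ssh/http lines are skipped.
RULE = re.compile(
    r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)

def management_rules(config):
    """Yield (service, network, interface) for each ssh/http access line."""
    for line in config.splitlines():
        match = RULE.match(line.strip())
        if match:
            service, addr, mask, ifname = match.groups()
            network = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            yield service, network, ifname

def audit(config, allowed_hosts, interface="outside"):
    """Return findings for rules on `interface` that are not one approved host."""
    allowed = {ipaddress.ip_address(host) for host in allowed_hosts}
    findings = []
    for service, network, ifname in management_rules(config):
        if ifname != interface:
            continue  # only the outside-facing rules are in scope here
        if network.prefixlen != 32:
            findings.append(f"{service} {network} on {ifname}: not a single host")
        elif network.network_address not in allowed:
            findings.append(f"{service} {network} on {ifname}: host not in allow-list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["198.51.100.10"]):
        print(finding)
```
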
New Member

Re: ASA access from the outside

Hi,

That's what I thought, glad you could confirm this for me!

Thanks a lot!

Sent from Cisco Technical Support iPhone App

Red

ASA access from the outside

Thanks Bart, let me know if you have any questions. You can also mark this thread as answered so that it can help others as well.

Thanks,
Varun Rao
Security Team,
Cisco TAC