Cisco Support Community

New Member

ASA5510 remotely managed.

Hi!

I have installed an ASA5510 in another town and I wish to manage it remotely using an SSH connection. Is it possible? What commands do I need to enter? Thanks in advance!

  • Firewalling
13 REPLIES
Cisco Employee

Re: ASA5510 remotely managed.

Hi,

Please refer to the URL below for configuring SSH on the ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml#configs

Regards,

Arul

*Pls rate if it helps*

New Member

Re: ASA5510 remotely managed.

Very helpful link, but I still have a question: I managed the firewall successfully from hosts located in the inside and outside subnets, but I couldn't manage the firewall from a remote host on the other side of the router, in spite of having carefully followed the steps in the link you posted. Any suggestions? (Especially about how to use the ssh command in this case, or how to do NAT on the router.) Thanks in advance!

New Member

Re: ASA5510 remotely managed.

There may be an ACL on the router in front of the ASA; have you checked that?

New Member

Re: ASA5510 remotely managed.

Actually I can manage the firewall, but in a very peculiar way: I start a VNC connection from a remote host to a server behind the firewall, and then I start an SSH connection from the server to the firewall. To allow the VNC connection I do static NAT to translate the server address (located in the inside subnet) to a static one in the outside subnet, create an ACL (on the firewall) that permits the VNC traffic, and finally configure the router to NAT the incoming VNC queries to the statically translated IP address. To allow SSH connections from the server to the firewall I follow all the steps in the link, entering the command "ssh 172.16.0.10 255.255.255.255 DMZ", where 172.16.0.10 is the server source address and DMZ is the name of the inside interface.

What do I have to do so as to manage the firewall directly?

New Member

Re: ASA5510 remotely managed.

Determine whether you are able to see your external IP address hitting the firewall.

Example: say your outside IP arrives as 55.1.1.1.

Run "debug icmp trace 1", ping your ASA (is it an ASA?), and check the logs, or run "term mon" on the ASA, to make sure you see your pings arrive.

Then add "ssh 55.1.1.1 255.255.255.255 outside".

Test the SSH connection and check the logs for errors. Post the logs here (change the real ASA IP address for your own security).

New Member

Re: ASA5510 remotely managed.

I can't see any ping reaching the firewall. I entered the "debug icmp trace 1" command and pinged from an external computer, but nothing happened. I suppose there's something wrong with the router config, but I'm not able to determine what. It's a Zyxel 660HW. Any ideas?

New Member

Re: ASA5510 remotely managed.

If you are not seeing pings to the ASA (when you type "debug icmp trace 1" on the ASA, and you are logged into the ASA to see the terminal logs and debugs), then your ping is not hitting the ASA. If you have access to the router, you need to open up SSH (and ping if you like) to manage from the outside. OK? (Please rate my posts if you find this info helpful.)

New Member

Re: ASA5510 remotely managed.

Hi,

Is there a router in front of the ASA? If not, then try this:

1) conf t

2) ssh (IP of the network or host allowed to access) (mask) outside

e.g. ssh 10.10.10.5 255.255.255.255 outside

HTH
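
The steps from the replies above, collected into one ASA configuration as an added example (not part of any poster's reply and not taken from the linked Cisco document). The username and the password placeholder are assumptions; 55.1.1.1 is the thread's example of the public address the administrator connects from.

```cisco
! Added example. Prerequisite outside the ASA: the router in front of it
! must forward TCP port 22 to the ASA outside interface address, and the
! source address below must be the one the ASA actually sees (after any
! NAT the router applies to inbound traffic).
configure terminal
!
! SSH needs an RSA host key pair on the ASA before it accepts sessions.
crypto key generate rsa modulus 2048
!
! Local account for SSH logins. "admin" and the password are placeholders.
username admin password <STRONG-PASSWORD> privilege 15
aaa authentication ssh console LOCAL
!
! Accept SSH only from the single management address, and only on the
! outside interface. A host mask keeps every other source locked out.
ssh 55.1.1.1 255.255.255.255 outside
!
! Refuse SSHv1 and drop idle sessions after 10 minutes.
ssh version 2
ssh timeout 10
end
!
! Save, then confirm what is configured and who is connected.
write memory
show running-config ssh
show ssh sessions
```

If "show ssh sessions" stays empty while a connection attempt is in progress, the traffic is not reaching the ASA, which points back at the router's forwarding or ACL rather than at this configuration.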

New Member

Re: ASA5510 remotely managed.

solpandor, there's a router in front of the ASA. That's the problem: reaching the firewall through the router from the outside.
