Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Enable externar SSH with CISCO ASA 5505

Hi all,

I have to enable SSH and HTTPS in a CISCO ASA 5505. SSH and HTTPS must accept request only fron certain addresses of the WAN.

How can I do it?

Thanks in advance,

Simone Spagna

6 REPLIES
Gold

Re: Enable externar SSH with CISCO ASA 5505

you can't. if you have some sort of filtering device in front of the asa, you can do it there, otherwise no.

New Member

Re: Enable externar SSH with CISCO ASA 5505

The complete situation is: My ASA is on a private network, say 10.10.10.0/24. Trough the ASA IP (say 10.10.10.10) is routed a public network (say 89.100.100.64/28).

The internal network is natted as 192.168.0.0/24.

I'm able to static nat some public ip to some internal machine/port, to access it from the Internet.

I would be able to access my ASA console (SSH and HTTPS) as, say 89.100.100.69 and access it trough the Internat.

Is there any way to obtain this?

Thank you

Simone

New Member

Re: Enable externar SSH with CISCO ASA 5505

I am just guessing here and do not have the equipment to try this out.

Just to access the ASDM or command line, entering http or ssh IP address /32 should get you access.

However to access the Management Console, provided you have set up contexts and the Management IP has a Public NAT, with the right rules, you should be able to access that IP as well.

Mike

New Member

Re: Enable externar SSH with CISCO ASA 5505

I didn't set up contexts and I prefer not to, if it's not stritly required (by the way, I tried to list contexts, but I got an error - command not found - is ASA 5505 capable of managing contexts?).

The problem with your answer is to know what are the rihgt rules. I tried a lot but none worked.

Simone

New Member

Re: Enable externar SSH with CISCO ASA 5505

I am not sure if I understand but why don't you just allow SSH and HTTPS access to the outside interface of the ASA? Your outside interface can be accessed from the Internet so...

If you specify which hosts can access the ASA wouldn't this do what you want?

For example:

http outside

ssh outside

I apologize if I am not understanding your problem correctly.

Hope it helps.

New Member

Re: Enable externar SSH with CISCO ASA 5505

the address of the ASA is on a private network (I wrote 10.10.10.10), so is not reachable from the Internet.

On the private address is routed by the provider a public subnet (I wrote 89.100.100.64/28).

If I configure the ASA, I can route the subnet on an interface and (if the access rules are correct) connect machines on the public network on that interface, access them from the Internet an access Internet from that machines.

Also, the ASA is assigned a pubblic address on that interface but, as the packets arrive form internal routing and not from the interface, I can't access the SSH and HTTPS from the Internet (I cound only from the machines connected to the interface).

1442
Views
0
Helpful
6
Replies
CreatePlease to create content