Solved: Configure Cisco ASA for remote access thru public ip

john · ‎06-14-2017

hi all,

please advise ice if it is possible to configure Cisco asa for remote access thru public ip?

regards,

john

johnlloyd_13 · ‎06-14-2017

hi,

when you say 'remote access' do you mean SSH to the box or enable anyconnect feature on the ASA?

View solution in original post

Reza Sharifi · ‎06-14-2017

Hi,

Yes, Cisco ASA can be configured for remote access/vpn.

HTH

johnlloyd_13 · ‎06-14-2017

hi,

when you say 'remote access' do you mean SSH to the box or enable anyconnect feature on the ASA?

john · ‎06-15-2017

Hi johnlloyd_13 ,

SSH the box from external network using public.

Regards,

John

johnlloyd_13 · ‎06-15-2017

hi,

just enable SSH and specify the allowed network or host IPs to the ASA.

here's a useful link to enable SSH on the ASA:

http://wannabelab.blogspot.com/2014/01/configuring-my-cisco-asa-5505-home-lab.html

john · ‎06-15-2017

I did not see he use the public ip to ssh to the asa its just local.

johnlloyd_13 · ‎06-15-2017

hi,

do you have management servers or a remote sitet using public ip space?

just replace the allowed host IP/subnet according to your environment:

ssh 123.4.5.0 255.255.255.0 outside <<< ALLOW 123.4.5.0/24 TO SSH TO ASA 'outside' PUBLIC IP ADDRESS

ssh 67.8.9.1 255.255.255.255 outside <<< ALLOW ONLY HOST 67.8.9.1 TO SSH TO ASA

john · ‎06-15-2017

Hi Johnlloyd,

if i am outside the network say at home and i want to ssh the asa on customer site.

will this command ssh "0.0.0.0 0.0.0.0 outside" work? because i plan to access the FW from anywhere.

johnlloyd_13 · ‎06-16-2017

hi,

yes, it's basically allowing SSH from 'any' source IP coming from the ASA 'outside' interface.

although i wouldn't do such SSH command unless it's necessary (and approved by IT management) and you have other layers of security in place on the ASA such as TACACS/AAA, 'strong' local admin passwords, etc.