Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISA550 - Remote Administration

How can Remote Administration be disabled? Under "Device Management" -->"Administration" --> "Remote Administration" I can only set "Remote Administration" from "On" to "Off"... this however only truns off remote administration via HTTPS but not via HTTP!

The next line reading "HTTP" is "On" by default and cannot be changed to "Off".

I am also having problems configuring a simple port forwarding rule for an SSH Client.

Running firmware 1.2.17.

Everyone's tags (5)
15 REPLIES
New Member

ISA550 - Remote Administration

Hello Simon Lang,

To turn off HTTP, first turn on Remote Administration. Then, you can turn off HTTP followed by Remote Administration.

As for your problem configuring a port forwarding rule, this article might help you in that situation:

Port Forwarding on ISA500 Series Integrated Security Appliances

If the article does not answer your question, please provide additional information on what exactly is the problem you are having so that others and myself can help you further.

New Member

ISA550 - Remote Administration

Thanks, Joshua.

That does not work, as I can still not change HTTP from "On" to "Off", even if Remote Adminstation is turned "On" and the settings are saved.

As per the attached screenshot, the HTTP switch remains "grey" and cannot be moved.

ISA550 - Remote Administration

Simon,

Have you tried switching Remote Administration to On, saving it, and then see if the HTTP allows the ability to turn off?  I'm on 1.2.17 as well and mine is working fine (see screenshot).  If that doesn' remedy it, I would recommend rebooting the ISA.  If it still doesn't work, I'd recommend opening a case with SBSC.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

ISA550 - Remote Administration

For the SSH Rule, would you please provide a little more information on what you're trying to accomplish (i.e. what Zone/VLAN is the source/destination, what IP/Range/Any it should be allowed, etc).

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

ISA550 - Remote Administration

Thanks Shawn. I have done what you suggesed, unfortunately without success and I have now also tried the following:

1. Switched to the secondary firmware (1.0.3) and rebooted with that. I was then able to switch the radio button labled "HTTP" to off, saved and rebooted.

2. As per the GUI, both HTTP and Remote Access are now turned off.

3. Oddly the Cisco GUI still appears on my external WAN IP, i.e., remote access is still on.

As to the issue with port forwarding, I will raise it in a separate thread it the problem persists. Not sure if it is caused by the ISA alone.

Thanks

Simon

ISA550 - Remote Administration

Post getting the HTTP to turn off, have you tried switching back to 1.2.17 to see if it stays off and if the GUI comes up on the outside interface IP?

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

ISA550 - Remote Administration

Yes. No change.

With firmware 1.2.17 the HTTP On/Off button is blocked again (see screenshot), this time in the "off position".

The GUI still appears on the WAN IP. This random behavior is giving me a bit of a headache - not ideal for a firewall.

Re: ISA550 - Remote Administration

Simon,
I can respect the concern. That said, I can also say that's not normal behavior. I've not had any of the same results with any of my ISAs. More than likely it's going to be a programmatic issue that can be resolved with a factory reset or a hardware issue (i.e. bad spot in memory) that can only be resolved with a unit exchange.

One last question before you head down one of those paths, have you tried making the change from another computer? Kind of an odd question, but I just had an instance the other day where I was seeing something odd in one of my ISAs and opened a discussion in the community. Later I checked for the same issue, by chance, from another computer and there was no issue. Turned out to be an IE issue on the first computer.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

ISA550 - Remote Administration

I have the same problem with my ISA 570. (firmware   1.2.18)

Remote administration and HTTP set to Off but the GUI still appears on the WAN IP.

New Member

ISA550 - Remote Administration


Shawn,

I have the same problem.

Our ISA570 firmware 1.2.18

I get the Gui login page on our public Ip

The remote administration is turned off and HTTP is also set to off

Therfore i can't get a simple webserver published on our public IP because the Cisco ISA570 is giving the login page on our public IP.

It is giving me a headache because the device is totaly useless for us.

I don't have much time left to make it work.

I sure can use some help.

New Member

ISA550 - Remote Administration

Note that a closer look revealed that in my case:

1. When calling the public ip from within my network, the gui did show.

2. When calling the public ip from outside my network, the gui did not show.

This (togehter with the odd blockage of the relevant button) was a bit irritating, but I guess it is the expected behavior. If your portforwarding is configured correctly and you actually come from outside your network, it should work (it now does in my case).

On my end, the blocked button was resolved with an upgrade to firmware 1.2.18.

Maybe this is helpful.

Good luck!

Simon

New Member

ISA550 - Remote Administration

Hi Simon,

Thanks for reply.

Excuse me for bad english.

Youre right it works.

But i bought the ISA570 as a small business solution.

We host our Exchange OWA and a webserver with our website.

Is there a way to make it work that our coworkers can get to our website and exchange OWA trough the internet and so trough the ISA570.

A simple Linksys WRT could do the job like at home, why can't a Cisco do that same job

Regards Ido

Gold

ISA550 - Remote Administration

Ido,

Please call support so we can help you get the port forwarding working properly.

www.cisco.com/go/sbsc

- Marty

New Member

ISA550 - Remote Administration

Hi Marty,

Thanks for your advise.

Problem solved in no time

But there is indeed an issue with remote management and he made a call for me.

He was very friendly and he nows his trade ;-)

He made my day

Regards Ido

Gold

ISA550 - Remote Administration

Ido,

Thank you for the update. I'm happy to hear that support was able to help you.

- Marty

1503
Views
0
Helpful
15
Replies
CreatePlease to create content