

  KB 0000068
  Dated 09/11/09
  Revision 0.02
   
Manage Cisco ASA5500 From Outside
 
Problem
If you have to look after a lot of client firewalls, or you simply want to be able to manage your own remotely, then this can be done via the ASDM console.
Solution

ciscoasa> en
Password: *******

1. Log into the firewall > Go to enable mode.

ciscoasa# conf t

2. Go to configure terminal mode.

ciscoasa(config)# http server enable

3. Turn on the ASDM Server.

ciscoasa(config)# http 217.22.146.254 255.255.255.255 outside

4. Allow a host to connect from the Outside.

ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: b984ffbc dd77cdbf f2cd8d86 0b8f3f96

3965 bytes copied in 1.490 secs (3965 bytes/sec)
[OK]

5. Save the configuration.
 
Now this has set up access for the host 217.22.146.254 so it can connect to the ASA from outside. This uses HTTPS (TCP port 443), which is fine if you don't use HTTPS for anything else or have it "port forwarded" for a web site or Exchange Web Access etc. If you do, then you will need to set the ASDM to listen on a different port. To do this you need to enter the following commands.

ciscoasa> en
Password: *******

1. Log into the firewall > Go to enable mode.

ciscoasa# conf t

2. Go to configure terminal mode.

ciscoasa(config)# no http server enable

3. Assuming you already have the ASDM server enabled, quickly disable it (if this errors, don't worry, just skip to the next step).

ciscoasa(config)# http server enable 2456

4. Now you need to enable the ASDM again on a particular port (in this example I'll use TCP port 2456, but you can use any port from 1-65535).

ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: 244f5ae3 8088fc5e f1802a27 3bdac2b2
3970 bytes copied in 1.400 secs (3970 bytes/sec)
[OK]

5. Don’t forget to save the settings.
Now from the remote client simply open a web page and proceed to https://{public_IP_of the ASA}:2456
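
Once management is exposed on the outside interface, it is worth checking that every "http" rule there is still a single host or a very small range. The script below is an added example, not part of the original article: it parses the "http" lines of a saved running configuration (IPv4 rules only), reports the ASDM port, and flags outside rules wider than a threshold. The function name, the sample configuration and the /29 threshold are assumptions chosen for illustration.

```python
import ipaddress
import re

# Constructed sample of the "http" lines from a running config (not from the article).
SAMPLE_CONFIG = """\
http server enable 2456
http 217.22.146.254 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
"""

ENABLE_RE = re.compile(r"http server enable(?: (\d+))?")
RULE_RE = re.compile(r"http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")


def audit_asdm_access(config, untrusted=("outside",), min_prefix=29):
    """Return (asdm_port, findings) for the ASDM access rules in an ASA config.

    min_prefix is an assumed policy: rules on untrusted interfaces that cover
    more addresses than a /29 are reported.
    """
    port, enabled, findings = 443, False, []
    for raw in config.splitlines():
        line = raw.strip()
        m = ENABLE_RE.fullmatch(line)
        if m:
            enabled = True
            # No port given means the default, TCP 443.
            port = int(m.group(1)) if m.group(1) else 443
            continue
        m = RULE_RE.fullmatch(line)
        if not m:
            continue  # other settings (or IPv6 rules) are out of scope here
        addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable rule: {line}")
            continue
        if iface in untrusted and net.prefixlen < min_prefix:
            findings.append(f"{net} allowed on {iface}: wider than /{min_prefix}")
    if not enabled:
        findings.append("http server enable is missing: ASDM server is off")
    return port, findings


if __name__ == "__main__":
    print(audit_asdm_access(SAMPLE_CONFIG))
```
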

 
