Firewalling

Cisco ASA remote management via VPN

René Jorissen on February 14, 2011 4 Comments • Tags: #access #asa #cisco #interface #management #management-access #remote

By default, remote access VPN users aren’t able to manage a Cisco ASA firewall on the inside interface using any kind of management protocol (SSH, telnet, HTTPS).

You can enable remote management by specifying the management-access interface. You can specify the interface via the CLI or via the Cisco Adaptive Security Device Manager (ASDM). Both methods are specified below.

CLI

fw01/booches.nl/act# configure terminal
fw01/booches.nl/act(config)# management-access inside

ASDM

asa-management

When using the Management Access feature with remote VPN connections (IPSec or SSL VPN) don’t forget to add the VPN pool to the corresponding management access protocols on the interface you specified as management access interface

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

  1. Jezz Bird says:

    Cisco ASA remote management via VPN

    Hello René,

    I have been trying to work out how to do this for some time. Thanks very much for posting this – I am very grateful.

    Kind Regards

    Jezz

  2. LMathews says:

    Can you give an example?

  3. LMathews says:

    How would you remotely access asa over a site-site vpn?
    The vpn pool or remote subnet (site-site vpn) will be coming from outside interface yes?

  4. LMathews,

    You have to specify the VPN pool on the interface you set as management interface. I normally configure inside as management interface.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.