Cisco Systems ASA 5540 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 40 Configuring Management Access
Configuring ASA Access for ASDM, Telnet, or SSH
Configuring Management Access
To identify the client IP addresses allowed to connect to the ASA using Telnet, SSH, or ASDM, perform
the following steps:
Detailed Steps
Step 1 Choose Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH,
and click Add.
The Add Device Access Configuration dialog box appears.
Step 2 Choose the type of session from the three options listed: ASDM/HTTPS, Telnet, or SSH.
Step 3 From the Interface Name drop-down list, choose the interface to use for administrative access.
Step 4 In the IP Address field, enter the IP address of the network or host that is allowed access. The field allows
IPv6 addresses.
Note When you enter a colon (:) in the IP Address field for an IPv6 address, the Netmask field changes
to Prefix Length.
Step 5 From the Mask drop-down list, choose the mask associated with the network or host that is allowed
access.
Step 6 Click OK.
Step 7 Configure HTTP Settings.
a. Enable HTTP Server—Enable the HTTP server for ASDM access. This is enabled by default.
b. (Optional) Port Number—The default port is 443.
c. (Optional) Idle Timeout—The default idle timeout is 20 minutes.
d. (Optional) Session Timeout—By default, the session timeout is disabled. ASDM connections have
no session time limit.
Step 8 (Optional) Configure Telnet Settings.
a. Telnet Timeout—The default timeout value is 5 minutes.
Step 9 (Optional) Configure SSH Settings.
a. Allowed SSH Version(s)—The default value is 1 & 2.
b. SSH Timeout—The default timeout value is 5 minutes.
c. Diffie-Hellman—The default is Diffie-Hellman Key Exchange Group 1. The Diffie-Hellman Key
Exchange Group 14 is also supported.
Step 10 Click Apply.
The changes are saved to the running configuration.
Step 11 (Required for SSH) You must also configure SSH authentication.
a. Choose Configuration > Device Management > Users/AAA > AAA Access > Authentication.
b. Check the SSH check box.
c. From the Server Group drop-down list, choose an already configured AAA server group name or the
LOCAL database. To add AAA server groups, see the “Configuring AAA Server Groups” section
on page 38-11.
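
The following audit script is an added example, not part of the Cisco guide. It checks a saved running configuration against the settings in Steps 1 through 11, treating an absent line as the default listed above (SSH versions 1 & 2, Diffie-Hellman Group 1). The CLI command forms and the sample configuration are assumptions constructed for illustration, and only IPv4 entries are parsed.

```python
import ipaddress
import re

# Constructed sample of running-config lines. These CLI forms are assumed
# equivalents of the ASDM fields above; they do not appear on this page.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.1.1.25 255.255.255.255 inside
ssh timeout 5
aaa authentication ssh console LOCAL
"""

# <session type> <IP address> <mask> <interface name>, as entered in Steps 2-5.
ACCESS_RE = re.compile(
    r"^(http|telnet|ssh) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit_management_access(config, max_hosts=256):
    """Return findings for the management-access settings in `config`."""
    findings = []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    ssh_rules = False
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # timeouts and other settings are not access entries
        proto, addr, mask, ifname = m.groups()
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        ssh_rules = ssh_rules or proto == "ssh"
        if proto == "telnet":
            findings.append(f"telnet allowed from {net} on {ifname}: cleartext session")
        if net.num_addresses > max_hosts:
            findings.append(f"{proto} allowed from {net} on {ifname}: source range too broad")
    if ssh_rules:
        # A missing line means the default from Step 9 is still in effect.
        if "ssh version 2" not in lines:
            findings.append("ssh version at default (1 & 2): restrict to version 2")
        if not any(l.startswith("ssh key-exchange") and "group14" in l for l in lines):
            findings.append("ssh key exchange at default Group 1: select Group 14")
        if not any(l.startswith("aaa authentication ssh console") for l in lines):
            findings.append("ssh authentication not configured (Step 11)")
    return findings

if __name__ == "__main__":
    for finding in audit_management_access(SAMPLE_CONFIG):
        print(finding)
```
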