Tuesday, February 15, 2011

How to configure remote access for ASDM and SSH for an ASA 5505

Assumptions:
  • ASDM is already installed
  • You know the password to the ASA
Launch ASDM and click Configuration along the top bar. In the left-hand pane select Device Management (located at the bottom left). Next click the + sign beside Management Access, then select ASDM/HTTPS/Telnet/SSH. Click Add on the right-hand side. Select ASDM/HTTPS or SSH, then inside or outside (depending on whether this is for outside (WAN) access or inside (LAN) access). The IP address can be a specific address if you want to allow only one address; to allow all addresses, enter 0.0.0.0. The same logic goes for the Mask. Click OK and click Apply. Test and, if it works, select Save. You will need to repeat this if you want to allow several IP addresses and/or connection types.

You will also have to generate the SSH key. Type the following from ASDM or through a console connection to the ASA.

conf t
ca generate rsa key 1024
wr mem


**NOTE: If you see error messages like the ones below, then the key generation wasn't completed correctly or you skipped that step.**

ssh_exchange_identification: Connection closed by remote host
Fail to establish SSH session because RSA host key retrieval failed.


Now you need to configure the authentication piece of remote access for the connection. On the left side select Users/AAA -> AAA Access. Under the Authentication tab, check SSH and select Server Group: LOCAL. This will allow you to authenticate with a local user account on the ASA while connecting through SSH. I have not tested authenticating against Active Directory, but I would imagine you can do this by setting up an AAA group and selecting it instead of the LOCAL group.

At the time of writing my ASA was running 8.2(1) and ASDM 6.2(1).
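
The CLI equivalent of the ASDM steps above, added here as an example and not part of the original post. The management host 192.0.2.10, the user name admin and the <password> placeholder are assumptions, and key generation uses the `crypto key generate rsa modulus` command form rather than the one shown earlier.

```text
! Constructed example: 192.0.2.10 (management host), "admin" and <password>
! are placeholders, not values from the post.
configure terminal
!
! Host key for SSH (1024-bit modulus, matching the post)
crypto key generate rsa modulus 1024
!
! Local account used by "Server Group: LOCAL"
username admin password <password> privilege 15
aaa authentication ssh console LOCAL
!
! SSH from one management host on the inside interface
ssh 192.0.2.10 255.255.255.255 inside
ssh version 2
ssh timeout 10
!
! ASDM/HTTPS from the same host
http server enable
http 192.0.2.10 255.255.255.255 inside
!
! The allow-all form described in the post, for comparison:
!   ssh 0.0.0.0 0.0.0.0 outside
!   http 0.0.0.0 0.0.0.0 outside
end
write memory
!
! Verify what was applied
show crypto key mypubkey rsa
show running-config ssh
show running-config http
show running-config aaa
```

The `ssh` and `http` lines can be repeated, one per permitted address and interface, which is the CLI counterpart of clicking Add again in ASDM.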
