
How to enable SSH via ASDM

You can manage a Cisco ASA appliance from the Command Line Interface (CLI) over either Telnet or SSH, or through web-based graphical management over HTTPS (ASDM). Telnet uses TCP port 23 and is not secure. Secure Shell (SSH), on the other hand, uses port 22 and is secure. SSH uses public key cryptography to authenticate the remote user. You can configure SSH access on a Cisco ASA device using the steps shown here.

First, specify the addresses of all hosts and networks that are allowed to access the ASA via the ASDM.
Step 1:
Click on Configuration
– Device Management
– Expand Management Access
– Click on ASDM/HTTPS/Telnet/SSH
On the right pane, click on ‘ADD’ to add the SSH parameters: the IP address and subnet mask, and the interface the user will be connecting from.

Note: you can also set up ASDM/HTTPS management access here, for both the inside and outside interfaces, e.g.
ASDM/HTTPS inside 192.168.xxx.0 255.255.250.0
SSH inside 192.168.xxx.0 255.255.250.0

Secondly, add the user to the ASA local database; this is the user that will be granted SSH privileges.
Step 2:
Navigate to Configuration
– Device Management
– Users/AAA
– User Accounts, in order to add a user with ASDM.
On the right pane of the window, select “User Account”
– Click on Add to enter the parameters you want, e.g. username and password, and select the right access restriction and privilege level.

This is an example of what a configured user will look like:
“(cisco 15 Full — Inherit Group Policy — — Inherit Group Policy –)”

Thirdly, enable authentication for the users who administer the Cisco ASA.
Step 3:
Navigate to Configuration
– Device Management
– Users/AAA
– AAA Access
– Authentication, in order to set up AAA authentication for SSH with ASDM.
Now enable “require authentication” for the privilege mode access command, and also enable it for the SSH server group.
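
As an added example (not part of the original post), this Python script audits an ASA running-config for the settings the three steps above configure: which sources may reach Telnet/SSH/HTTPS management, and whether AAA authentication is set for SSH and for privileged mode. The sample configuration and the function name `audit_management_access` are constructed for illustration.

```python
import ipaddress

# Constructed running-config excerpt (not from the original post), using the
# CLI form of the rules and AAA settings that the ASDM steps above create.
SAMPLE_CONFIG = """\
telnet 192.168.10.0 255.255.255.0 inside
ssh 192.168.10.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.20.0 255.255.250.0 inside
ssh timeout 5
http 192.168.10.0 255.255.255.0 inside
username cisco password EXAMPLEHASH encrypted privilege 15
aaa authentication ssh console LOCAL
"""


def audit_management_access(config):
    """Return a list of findings; the function name is hypothetical."""
    findings, aaa = [], set()
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["aaa", "authentication"] and len(parts) >= 4:
            aaa.add(tuple(parts[2:4]))  # e.g. ("ssh", "console")
            continue
        # Access rules read: <service> <address> <mask> <interface>
        if len(parts) != 4 or parts[0] not in ("telnet", "ssh", "http"):
            continue
        service, addr, mask, iface = parts
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # an option line that shares the keyword, not a rule
        if service == "telnet":
            findings.append(f"telnet permitted on {iface}: cleartext management")
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"{service} rule on {iface}: invalid mask {mask}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{service} on {iface} open to any source address")
    # Step 3: both SSH logins and privileged (enable) mode need AAA
    for method in ("ssh", "enable"):
        if (method, "console") not in aaa:
            findings.append(f"missing: aaa authentication {method} console")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_management_access(SAMPLE_CONFIG)))
```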
