Question : Problem: Cisco ASA 5505

I have an ASA that has a public IP on the outside port.  What would be the best way to set it up for remote management?  Also, once in I would like to be able to RDP to a domain controller.

Answer : Problem: Cisco ASA 5505

The most secure way would be to establish a remote VPN connection and then allow SSH access via the IPSec tunnel. Otherwise, you can configure SSH access on the outside interface:

asa(config)# crypto key generate rsa

asa(config)# ssh [outside public ip address] 255.255.255.255 outside

asa(config)# ssh version 2

asa(config)# ssh timeout 5   (can be any value between 1 and 60, for minutes)

asa# show ssh sessions   (to show current sessions)

To RDP into a domain controller (it is not recommended to open outside ports into a DC; you should do this via VPN):

You would need to statically map a public address for the DC with static NAT:

static (inside,outside) [public address of the dc] [inside lan address of dc] netmask 255.255.255.255

Then allow RDP through the ASA from the outside:

access-list outside_in permit tcp any host [public address of dc] eq 3389

Then bind the access-list to the outside interface:

access-group outside_in in interface outside

This is not a complete ASA configuration, just how to allow access to this DC from the outside.

Again, this is not recommended, so I would configure the VPN and then access all your internal LAN hosts via a secure VPN tunnel.
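
An added example, not part of the original answer: a small Python audit that reads a saved ASA configuration in the same pre-8.3 syntax as the commands above and flags management access reachable from broad or any sources on the outside interface. The function name `audit`, the ACL and interface names, and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import re

# Constructed sample in the pre-8.3 syntax used above; all addresses are
# documentation placeholders, not values from the original post.
SAMPLE_CONFIG = """\
ssh 0.0.0.0 0.0.0.0 outside
ssh 198.51.100.10 255.255.255.255 outside
ssh version 2
static (inside,outside) 203.0.113.20 192.168.1.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.20 eq 3389
access-list outside_in permit tcp host 198.51.100.10 host 203.0.113.21 eq 3389
access-list dmz_in permit tcp any host 203.0.113.30 eq 3389
access-group outside_in in interface outside
"""

SSH_RE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
STATIC_RE = re.compile(r"^static \(\S+,\S+\) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit tcp any host (\S+) eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")
MGMT_PORTS = {"3389": "RDP", "22": "SSH", "ssh": "SSH"}


def audit(config, outside="outside"):
    """Return findings for management access open to broad or any sources."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # ACLs only matter once bound inbound to the outside interface.
    bound = {m.group(1) for ln in lines if (m := GROUP_RE.match(ln)) and m.group(2) == outside}
    # Map public (mapped) address -> inside (real) address from static NAT.
    nat = {m.group(1): m.group(2) for ln in lines if (m := STATIC_RE.match(ln))}
    if "ssh version 2" not in lines:
        findings.append("SSH is not restricted to version 2")
    for ln in lines:
        if (m := SSH_RE.match(ln)) and m.group(3) == outside and m.group(2) != "255.255.255.255":
            findings.append(f"SSH to the ASA allowed from {m.group(1)}/{m.group(2)} on {outside}")
        if (m := ACL_RE.match(ln)) and m.group(1) in bound and m.group(3) in MGMT_PORTS:
            inside = nat.get(m.group(2), "unknown inside host")
            findings.append(f"{MGMT_PORTS[m.group(3)]} to {m.group(2)} ({inside}) open to any source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Rules that name a single source host, and access lists not bound to the outside interface, are deliberately not reported.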






