In this article, we will configure Cisco ASA to accept Telnet and SSH connections. A Cisco ASA firewall can be managed through either the command-line interface or a graphical user interface. For the GUI, you must install ASDM on your end device. First, we will configure the management interface, then we will enable SSH and Telnet. Let’s start!
Management Interface configuration on Cisco ASA Firewall
I am assuming that you have a fresh Cisco ASA device. You just need to connect with the console cable to reach the Cisco ASA command line for the initial configuration.
First, we will set up the management interface. It is required for accessing the device over SSH, Telnet, or ASDM. However, if your device is in production or you have already configured the management interface, you can skip this step.
Enabling the SSH on Cisco ASA Firewall
Since Telnet communication is in plain text, it is highly recommended to configure SSH. Once you access your device using SSH, all traffic from your management device to the Cisco ASA will be encrypted. However, I’ll also configure Telnet for device management in the next section.
After the management interface configuration, you need to define the hostname and domain name on the Cisco ASA firewall.
Now, you will need to generate the RSA Key since it is required by SSH. You can execute the below command to generate the RSA Keys:
Depending on the key length, it will take some time to generate the RSA key pair.
You need to define the network or IP addresses that can access Cisco ASA Firewall using SSH. You just need to execute the following command:
This command will allow SSH from any host with an IP address in the 192.168.100.0/24 subnet.
Finally, you will need to define the authentication method. If you are using an AAA server, you need to tell the firewall to use it.
However, in this example, I’m using local database credentials. So, first, I’ll create local credentials, then I’ll tell the firewall to use the local credentials during SSH authentication.
Notice that the command has the word LOCAL in caps. It is case sensitive and must be in caps.
To save your changes you need to execute the below command:
We have finished the Cisco ASA configuration. Now, you just need to open an SSH client such as PuTTY to access the Cisco ASA SSH console.
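The SSH steps above, collected into one console session. This is an added example, not the article's original command listing; the interface `Management0/0` named `management`, the address 192.168.100.1, the hostname, domain name, username, password placeholder and the 2048-bit modulus are assumptions, while 192.168.100.0/24 is the subnet named above.

```cisco
! Added example. Assumed placeholders: Management0/0 named "management",
! 192.168.100.1, ASA1, example.com, user "admin", 2048-bit key.
! 192.168.100.0/24 is the management subnet used in the article.
enable
configure terminal
!
! 1. Management interface (skip if it is already configured)
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 no shutdown
 exit
!
! 2. Hostname and domain name
hostname ASA1
domain-name example.com
!
! 3. RSA key pair required by SSH
crypto key generate rsa modulus 2048
!
! 4. Accept SSH only from the management subnet, on the management interface
ssh 192.168.100.0 255.255.255.0 management
!
! 5. Local user, then LOCAL (upper case) as the SSH authentication source
username admin password <choose-a-strong-password> privilege 15
aaa authentication ssh console LOCAL
!
! 6. Save the configuration
end
write memory
!
! Verify what was configured
show running-config ssh
show running-config aaa
show crypto key mypubkey rsa
```

After connecting from a host in 192.168.100.0/24, `show ssh sessions` lists the active session and the SSH version in use.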
Enabling the Telnet on Cisco ASA Firewall
It is always recommended to enable SSH because it encrypts the management traffic. Telnet traffic, on the other hand, is in plain text, so anyone can read it.
To enable Telnet on the Cisco ASA, you need the management interface that we configured in the initial configuration.
You can restrict the access of Cisco ASA
Now, we will define the Local credentials that will be used during the login to Cisco ASA. You can execute the below command to define users on Cisco ASA Local Database.
Now, tell the firewall to use Local Credentials during the Telnet authentication.
Unlike SSH configuration, we don’t need to configure Hostname and Domain name for Telnet access.
That’s it. We have completed the configuration on the Cisco ASA firewall. Now we can access the ASA firewall over Telnet using a Telnet client such as PuTTY, a Linux terminal, etc.
Summary
In this article, we have enabled SSH and Telnet access to the Cisco ASA firewall. First, we configured the management interface of the Cisco ASA firewall. SSH uses RSA keys to encrypt the traffic, whereas Telnet communication is in plain text, so it is always better to configure SSH. We configured the local database for SSH and Telnet authentication. We can limit Telnet and SSH access by configuring the allowed IP addresses or networks. Finally, we were able to access the Cisco ASA device over SSH and Telnet, although we needed a client application such as PuTTY to do so.