17 July 2011
Posted by: Gom Jabbar
Cisco ASA Device Management – Connection Methods

There are 4 methods of establishing a management connection to the Cisco ASA: Console, Telnet, SSH and ASDM.

When administering the Cisco ASA, your choice of connection type is probably going to be determined by a few factors:

Should the management channel be encrypted?
A management connection to the ASA will transmit data such as login passwords, the enable password and commands. This communication should be secured. If the management traffic is going to be transmitted over an insecure medium, you can encrypt the management connection. Or you can use an out-of-band connection where eavesdropping is unlikely.

Do you want a GUI or a CLI?
It's a choice of data presentation, really. It's dictated by personal preference, but it may also depend on the tools you have on hand. For the command line, you need a client. Windows XP can do telnet from the command line. *nix and Mac OS X have built-in command line telnet and SSH capability. SecureCRT and PuTTY can be used for telnet, SSH and serial console connections. If you want to manage the ASA via a GUI, use ASDM. ASDM requires a web browser with the ability to run Java applets.

Do you have physical access to the ASA?
If so, you can connect a serial console cable to the console port of the ASA. If not, you can connect remotely by enabling telnet, SSH or ASDM access to the management port, or to one of the network ports on the ASA.

What sort of connection is available from the management workstation?
Do you have a serial console cable? What type of traffic is allowed from your local network?

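| Connection Method | Data Presentation | Encryption | Local / Remote | Physical Port             |
|-------------------|-------------------|------------|----------------|---------------------------|
| Console           | CLI               | No         | Local          | Console port              |
| Telnet            | CLI               | No         | Remote         | Management / Network port |
| Telnet over VPN   | CLI               | Yes        | Remote         | Management / Network port |
| SSH               | CLI               | Yes        | Remote         | Management / Network port |
| ASDM              | GUI               | Yes        | Remote         | Management / Network port |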
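
As an added example (not from the original post), this Python sketch reads an ASA running configuration and lists which remote management methods are permitted, flagging Telnet as unencrypted in line with the table. The sample configuration is constructed; the script assumes the standard ASA permit form `telnet|ssh|http <address> <netmask> <interface>` and cannot tell whether a Telnet session is carried over a VPN.

```python
import ipaddress
import re

# Constructed sample of ASA running-config lines (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.10.10.0 255.255.255.0 management
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
http server enable
http 10.10.10.0 255.255.255.0 management
"""

# Per the table: Telnet is cleartext unless carried over a VPN; SSH and ASDM encrypt.
METHODS = {"telnet": ("Telnet", False), "ssh": ("SSH", True), "http": ("ASDM", True)}

# Matches "<cmd> <address> <netmask> <interface>"; skips "telnet timeout 5" etc.
ACCESS_RE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)

def audit_management_access(config_text):
    """Return one finding per permitted remote management source."""
    asdm_enabled = re.search(r"^http server enable\b", config_text, re.M) is not None
    findings = []
    for line in config_text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue
        cmd, addr, mask, iface = m.groups()
        if cmd == "http" and not asdm_enabled:
            continue  # http permit lines have no effect while the HTTPS server is off
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        name, encrypted = METHODS[cmd]
        issues = []
        if not encrypted:
            issues.append("unencrypted")
        if net.prefixlen == 0:
            issues.append("any-source")
        findings.append({"method": name, "source": str(net),
                         "interface": iface, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_management_access(SAMPLE_CONFIG):
        status = ", ".join(f["issues"]) or "ok"
        print(f"{f['method']:<7}{f['source']:<18}{f['interface']:<12}{status}")
```

Run it against a saved copy of `show running-config` output by passing the file's text to `audit_management_access`.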