There are 4 methods of establishing a management connection to the Cisco ASA: Console, Telnet, SSH and ASDM.
When administering the Cisco ASA, your choice of connection type is probably going to be determined by a few factors:
Should the management channel be encrypted? A management connection to the ASA will transmit data such as login passwords, the enable password and commands. This communication should be secured. If the management traffic is going to be transmitted over an insecure medium, you can encrypt the management connection. Or you can use an out-of-band connection where eavesdropping is unlikely.
Do you want a GUI or a CLI interface? It’s a choice of data presentation, really. It’s dictated by personal preference, but this may be dependent on the tools you have on hand. For the command line, you need a client. Windows XP can do telnet from the command line. *nix or Mac OS X have built-in command line telnet and SSH capability. SecureCRT and Putty can be used for telnet, SSH and Serial console connections. If you want to manage the ASA via a GUI interface, use ASDM. ASDM requires a web browser with the ability to run Java applets.
Do you have physical access to the ASA? If so, you can connect a Serial console cable to the console port of the ASA. If not, you can connect remotely by enabling telnet, SSH or ASDM access to the management port, or to one of the network ports on the ASA.
What sort of connection is available from the management workstation? Do you have a serial console cable? What type of traffic is allowed from your local network?
Connection Method | Data Presentation | Encryption | Local / Remote | Physical Port |
Console | CLI | No | Local | Console port |
Telnet | CLI | No | Remote | Management / Network port |
Telnet over VPN | CLI | Yes | Remote | Management / Network port |
SSH | CLI | Yes | Remote | Management / Network port |
ASDM | GUI | Yes | Remote | Management / Network port |