Follow Us:

Enable Telnet and SSH access to Cisco ASA Firewall

In this article, we will discuss and configure Cisco ASA to accept Telnet and SSH requests. Cisco ASA Firewall can be managed by a Command Line Interface or Graphical User Interface. For GUI, you must install ASDM on your end device. First, we will configure the management interface and then enable SSH & Telnet. Let’s start!


Management Interface Configuration on Cisco ASA Firewall

I am assuming that you have a fresh Cisco ASA device. You can connect with the Console Cable to get into the command line of Cisco ASA for initial configuration.

First, we will configure the Management Interface required to take the console using SSH, Telnet, or ASDM. However, if your device is in production or you have already configured the Management Interface, skip this step.

ciscoasa# configure terminal
ciscoasa(config)# interface management 0/0
ciscoasa(config-if)# ip add
ciscoasa(config-if)# nameif mgmt
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# no shutdown

Enabling the SSH on the Cisco ASA Firewall

Since Telenet communication is in plain text, it is highly recommended to configure SSH. Once you access your device using SSH, all traffic from your management device to Cisco ASA will be in encrypted form. However, I’ll also configure Telnet for Device Management in the next session.

After the Management Interface configuration, you should define the Hostname and Domain name on the Cisco ASA Firewall.

ciscoasa(config)# hostname ASA-IPTrainer
ASA-IPTrainer(config)# domain-name

Now, you will need to generate the RSA Key since it is required by SSH. You can execute the below command to generate the RSA Keys:

Depending on key length, it will take some time to generate RSA Key Pair.

ASA-IPTrainer(config)# crypto key generate rsa modulus 2048
Keypair generation process begin. Please wait...

You should define the network or IP addresses that can access the Cisco ASA Firewall using SSH. You need to execute the following command:

ASA-IPTrainer(config)# ssh mgmt

This command will allow SSH from any Host with an IP Address from the subnet.

Finally, you will need to define the authentication method. If you are using any AAA server, you need to tell the firewall to use them.

However, in this example, I’m using Local Database credentials. First, I’ll create local credentials, and then, I’ll configure the firewall to use Local credentials during the SSH authentication.

ASA-IPTrainer(config)# username iptrainer password iptra!ner privilege 15

Notice the command have LOCAL word in caps. It is case sensitive and it must be in caps.

ASA-IPTrainer(config)# aaa authentication ssh console LOCAL

To save your configuration, you need to execute the below command:

ASA-IPTrainer# write memory

We have finished with the Cisco ASA Configuration. Now, you should open an SSH client like Putty to access the Cisco ASA SSH console.

Enabling the Telnet on the Cisco ASA Firewall

It is always recommended to enable SSH because it will encrypt the management traffic. On the other hand, the telnet traffic is in plain text, and anyone can read it.

To enable the Telnet on Cisco ASA, you must configure the management interface as we did in earlier steps.

ASA-IPTrainer(config)# enable password IptraineR

You can restrict the access of Cisco ASA.

Now, we will define the Local credentials that will be used during the login to Cisco ASA. You can execute the below command to define Cisco ASA Local Database users.

ASA-IPTrainer(config)# username iptrainer password iptra!ner privilege 15

Now, tell the firewall to use Local Credentials during the Telnet authentication.

ASA-IPTrainer(config)# aaa authentication telnet console LOCAL

Unlike SSH configuration, we don’t need to configure the Hostname and Domain name for Telnet access.

That’s it. We will now take the telnet access of ASA Firewall using a Telnet client such as Putty, Linux terminal, etc.

Related Articles


In this article, we have enabled SSH and Telnet access to Cisco ASA Firewall. First, we have configured the management interface of the Cisco ASA Firewall. SSH uses different cipher suites to encrypt the traffic. However, telnet communication is in plain text. It is always better to configure SSH. We have configured a local database for SSH and Telnet authentication. We can limit the Telnet and SSH communication by configuring the allowed IPs or networks. Finally, we took the SSH and Telnet of the Cisco ASA device. However, we required a client application such as Putty for Telnet and SSH access.

I hope you like this article. If you like this article, please share it on social media platforms.

Also, if you have any issues while configuring Telnet and SSH,  comment in the comment box, and I’ll respond as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

Copy link is now!