https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978709#M149833 <P>I am using a pair of ASA5515s running 9.5 to connect two sites using a L2L IPSec tunnel.&nbsp; The tunnel works fine for hosts on each of the two private subnets but the ASA units themselves cannot be reached or managed&nbsp; (ICMP, ASDM, etc) accross the tunnel using a private IP on one side of the tunnel to the private network interface of the ASA on the other side of the tunnel.&nbsp;</P> <P>I guess what is happening is that the ASA is using its "closest" interface which is the public interface to try to send packets to the remote private subnet but if this is the case how can I tell it to use its private interface and IP?</P> <P>Thanks,<BR />Diego</P> Tue, 12 Mar 2019 08:17:43 GMT tato386 2019-03-12T08:17:43Z https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978709#M149833 <P>I am using a pair of ASA5515s running 9.5 to connect two sites using a L2L IPSec tunnel.&nbsp; The tunnel works fine for hosts on each of the two private subnets but the ASA units themselves cannot be reached or managed&nbsp; (ICMP, ASDM, etc) accross the tunnel using a private IP on one side of the tunnel to the private network interface of the ASA on the other side of the tunnel.&nbsp;</P> <P>I guess what is happening is that the ASA is using its "closest" interface which is the public interface to try to send packets to the remote private subnet but if this is the case how can I tell it to use its private interface and IP?</P> <P>Thanks,<BR />Diego</P> Tue, 12 Mar 2019 08:17:43 GMT https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978709#M149833 tato386 2019-03-12T08:17:43Z https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978710#M149834 <P>You need to specify management access to the inside interface. Just run the command in global config: <EM>management access &lt;interface name&gt;</EM></P> <P>Hope this helps.</P> Tue, 20 Sep 2016 10:50:54 GMT https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978710#M149834 S-Lemming 2016-09-20T10:50:54Z https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978711#M149835 <P>Cool,&nbsp;syslog across the tunnel is working now which is probably the most important thing I needed.&nbsp; However ASDM and ICMP still don't go even though I specifically allow both of these on all interfaces.&nbsp; Any ideas?</P> <P></P> <P>Thank you very much,</P> <P>Diego</P> Wed, 21 Sep 2016 00:14:04 GMT https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978711#M149835 tato386 2016-09-21T00:14:04Z https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978712#M149836 <P>If you are trying to ping between the ASAs you need to specify the inside interface as source interface, otherwise it will use the closest interface which is the outside and the packet will not be encrypted.</P> <P>On the ASA you want to reach through VPN, please set the ASDM access rule to allow the remote subnet on the inside interface (which you specified as the management interface above).</P> <P>Let me know how it goes.</P> Wed, 21 Sep 2016 06:45:42 GMT https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978712#M149836 S-Lemming 2016-09-21T06:45:42Z https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978713#M149837 <P>I believe I am allowing all subnets ICMP and ASDM using the following commands and also sourcing ping from inside interface.&nbsp; Is there something else I am missing?</P> <P><BR />icmp permit any inf_Inside<BR />icmp permit any inf_Outside</P> <P>http 0.0.0.0 0.0.0.0 inf_Inside<BR />http 0.0.0.0 0.0.0.0 inf_Outside</P> <P>Thanks,</P> <P>Diego</P> Wed, 21 Sep 2016 12:17:09 GMT https://community.cisco.com/t5/network-security/managing-asa-using-private-interface-accross-ipsec-tunnel/m-p/2978713#M149837 tato386 2016-09-21T12:17:09Z