https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463893#M635197 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>mokhovikov wrote:</P><P></P><P>jon thank you for reply. I've read about this command. It correct only for VPN connection or not?</P><P></P><P>"The <STRONG>management-access </STRONG>command is supported for the following through an IPSec VPN tunnel only"</P></PRE><P></P><P>Yes it is only for connectivity via an IPSEC VPN. If you aren't using an IPSEC VPN then you cannot connect to an interface across the FWSM so to connect to vlan 37 interface with ssh you would need to connect from vlan 37 device or a device reachable via the vlan 37 interface.</P><P></P><P>Jon</P></BODY></HTML> Tue, 08 Jun 2010 20:18:57 GMT Jon Marshall 2010-06-08T20:18:57Z https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463889#M635176 <P>Hi!</P><P>i have FWSM with this config:</P><P></P><P>!</P><P>interface Vlan35<BR /> nameif vlan35<BR /> security-level 100<BR /> ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2<BR />!<BR />interface Vlan37<BR /> nameif vlan37<BR /> security-level 5<BR /> ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2</P><P>!</P><P>...</P><P>!</P><P>ssh 10.10.35.0 255.255.255.0 vlan35<BR />ssh 10.10.35.0 255.255.255.0 vlan37</P><P>!</P><P></P><P></P><P>Somebody tell me please, why i can connect to FWSM from vlan35 to 10.10.35.1 but cannot connect to&nbsp; ip address 10.10.37.1(from vlan35) ?</P> Mon, 11 Mar 2019 17:56:21 GMT https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463889#M635176 mokhovikov 2019-03-11T17:56:21Z https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463890#M635177 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>mokhovikov wrote:</P><P></P><P>Hi!</P><P>i have FWSM with this config:</P><P></P><P>!</P><P>interface Vlan35<BR /> nameif vlan35<BR /> security-level 100<BR /> ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2<BR />!<BR />interface Vlan37<BR /> nameif vlan37<BR /> security-level 5<BR /> ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2</P><P>!</P><P>...</P><P>!</P><P>ssh 10.10.35.0 255.255.255.0 vlan35<BR />ssh 10.10.35.0 255.255.255.0 vlan37</P><P>!</P><P></P><P></P><P>Somebody tell me please, why i can connect to FWSM from vlan35 to 10.10.35.1 but cannot connect to&nbsp; ip address 10.10.37.1(from vlan35) ?</P></PRE><P>By default you can't connect to an interface through the FWSM. So if you want to ssh to int vlan 37 you would need to be on vlan 37 or on a device that is reachable via vlan 37.</P><P></P><P>You could use the "management-access" command and apply it to vlan 37 and this should allow you to connect from vlan 35 -</P><P></P><P><A class="active_link" href="http://www.cisco.com/en/US/customer/docs/security/fwsm/fwsm31/command/reference/m.html#wp1637044">FWSM management access </A></P><P></P><P>Jon</P></BODY></HTML> Tue, 08 Jun 2010 17:23:00 GMT https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463890#M635177 Jon Marshall 2010-06-08T17:23:00Z https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463891#M635180 <HTML><HEAD></HEAD><BODY><P>jon thank you for reply. I've read about this command. It correct only for VPN connection or not?</P><P></P><P>"The <STRONG>management-access </STRONG>command is supported for the following through an IPSec VPN tunnel only"</P></BODY></HTML> Tue, 08 Jun 2010 20:07:08 GMT https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463891#M635180 mokhovikov 2010-06-08T20:07:08Z https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463892#M635183 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>On the ASA firewall, the management-access inside command is only when terminating a VPN connection on the device.</P><P>I guess is the same for the FWSM.</P><P></P><P>Federico.</P></BODY></HTML> Tue, 08 Jun 2010 20:10:35 GMT https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463892#M635183 Federico Coto Fajardo 2010-06-08T20:10:35Z https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463893#M635197 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>mokhovikov wrote:</P><P></P><P>jon thank you for reply. I've read about this command. It correct only for VPN connection or not?</P><P></P><P>"The <STRONG>management-access </STRONG>command is supported for the following through an IPSec VPN tunnel only"</P></PRE><P></P><P>Yes it is only for connectivity via an IPSEC VPN. If you aren't using an IPSEC VPN then you cannot connect to an interface across the FWSM so to connect to vlan 37 interface with ssh you would need to connect from vlan 37 device or a device reachable via the vlan 37 interface.</P><P></P><P>Jon</P></BODY></HTML> Tue, 08 Jun 2010 20:18:57 GMT https://community.cisco.com/t5/network-security/fwsm-connect-interface/m-p/1463893#M635197 Jon Marshall 2010-06-08T20:18:57Z