https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830861#M958167 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Thanks for the tip, however, I still cannot connect. When I try to establish a SSL connection from the remote CSM server to the internal interface of the local ASA I get a anti spoof error:</P><P></P><P>Deny IP spoof from (x.x.x.x) to y.y.y.y on interface TRANSIT</P><P></P><P>And, when I try to establish a SSL or SSH from the local CSM server to the external interface of the local ASA. I get the NP Indentity error previously posted. </P><P></P><P>I can't post the configs because its a clients network i.e. I don't have permission.</P><P></P><P>Thanks,</P><P>Paul</P></BODY></HTML> Fri, 21 Dec 2007 14:44:08 GMT paul.pearston 2007-12-21T14:44:08Z https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830859#M958165 <P>Hi All,</P><P>I appear to have a NAT problem with ASA build 7.2(3). I cannot SSH or SSL (with CSM) through the inside interface to the outside interface i.e. I want to manage the device on its external interface. I want to manage the device on its external interface as I have a second CSM server at a remote site. I receive the following errors when I SSH from an internal host to the external interface:</P><P></P><P>%ASA-6-302013: Built inbound TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 (x.x.x.x/3265) to NP Identity Ifc:y.y.y.y/22 (y.y.y.y/22)</P><P>%ASA-6-302014: Teardown TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 to NP Identity Ifc:y.y.y.y/22 duration 0:00:00 bytes 0 TCP Reset-I</P><P></P><P>Both the external and internal interface are logical interfaces on the same physical. Could this be the problem?</P><P></P><P>Thanks,</P><P>Paul</P> Wed, 13 Mar 2019 00:53:51 GMT https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830859#M958165 paul.pearston 2019-03-13T00:53:51Z https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830860#M958166 <HTML><HEAD></HEAD><BODY><P>do you have "management-access outside" configured?</P><P>why don't you post your config.</P></BODY></HTML> Fri, 21 Dec 2007 13:11:10 GMT https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830860#M958166 srue 2007-12-21T13:11:10Z https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830861#M958167 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Thanks for the tip, however, I still cannot connect. When I try to establish a SSL connection from the remote CSM server to the internal interface of the local ASA I get a anti spoof error:</P><P></P><P>Deny IP spoof from (x.x.x.x) to y.y.y.y on interface TRANSIT</P><P></P><P>And, when I try to establish a SSL or SSH from the local CSM server to the external interface of the local ASA. I get the NP Indentity error previously posted. </P><P></P><P>I can't post the configs because its a clients network i.e. I don't have permission.</P><P></P><P>Thanks,</P><P>Paul</P></BODY></HTML> Fri, 21 Dec 2007 14:44:08 GMT https://community.cisco.com/t5/network-security/asa-management-nat-problem/m-p/830861#M958167 paul.pearston 2007-12-21T14:44:08Z