telnet and http server for ipsec clients

3moloz123
Level 1

Hi,

Trying to get telnet and http server available for ipsec clients. This is from my config:

http server enable

http 10.180.1.0 255.255.255.0 inside <-- LAN

http 10.180.20.0 255.255.255.0 outside <-- VPN pool

VPN client can connect to LAN hosts, but not to the LAN asa IP 10.180.1.254. The ASA does not seem to listen to an IP at the vpn pool 10.180.20.0/24 either.

What am I missing here?

1 Accepted Solution


Also make sure you have enabled the http server.

If you still can't connect, enable the "http" debugs and syslogs to get more details.

PK


mirober2
Cisco Employee

Hello,

You can configure 'management-access inside'. That should allow VPN users to access the inside interface for management purposes. Here is the command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985

Hope that helps.

-Mike

Also, you'll need to update your 'http' and 'telnet' commands to include the IP addresses of the VPN clients.

-Mike

I already have that, and yet I can't reach https://lan_ip_of_asa.

What else could it be?

Also make sure you have enabled the http server.

If you still can't connect, enable the "http" debugs and syslogs to get more details.

PK

When I connect with ASDM, I do get the warning about the security certificate, "do you want to trust this publisher?", but when I click yes it can't connect.

Telnet behaves pretty much the exact same way: it does connect but the session is immediately reset, so the telnet window flashes quickly, which is NOT the case if the port is not open for me.

I would suggest using the "debug http" to see what the ASA reports when you try ASDM.

PK

Hi,

It has been a while. Here's the output of 'debug http 255':

HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/idm/idm.jnlp/] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/idm/idm.jnlp/] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]

The user is level 15

Sorry, it works now. It was the http server that listened on the wrong interface :-)
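
The mismatch this thread ends on can be checked offline against a saved configuration. The following is an added example, not code from any poster or from Cisco: it assumes that once 'management-access <interface>' is set, the 'http' and 'telnet' permit lines for the VPN pool must name that same interface. The sample config is constructed from the lines quoted in the question, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the http lines come from the question; the telnet and
# management-access lines are assumed for illustration.
SAMPLE_CONFIG = """\
http server enable
http 10.180.1.0 255.255.255.0 inside
http 10.180.20.0 255.255.255.0 outside
telnet 10.180.1.0 255.255.255.0 inside
management-access inside
"""

# <proto> <network> <netmask> <interface>
RULE = re.compile(r"^(http|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit_mgmt_access(config: str, vpn_pool: str) -> list[str]:
    """Return findings that would keep VPN-pool clients from managing the ASA."""
    pool = ipaddress.ip_network(vpn_pool)
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    if not any(ln.startswith("http server enable") for ln in lines):
        findings.append("http server is not enabled")
    mgmt = next((ln.split()[1] for ln in lines
                 if ln.startswith("management-access ")), None)
    if mgmt is None:
        findings.append("no management-access interface configured")
        return findings
    for proto in ("http", "telnet"):
        # Interfaces on which a permit line of this protocol covers the pool.
        ifaces = []
        for ln in lines:
            m = RULE.match(ln)
            if m and m.group(1) == proto:
                net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
                if pool.subnet_of(net):
                    ifaces.append(m.group(4))
        if mgmt not in ifaces:
            where = ", ".join(ifaces) or "no interface"
            findings.append(f"{proto}: pool {pool} allowed on {where}, not on '{mgmt}'")
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_access(SAMPLE_CONFIG, "10.180.20.0/24"):
        print(finding)
```
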
