09-28-2010 07:37 AM - edited 03-11-2019 11:46 AM
Hi,
Trying to get telnet and http server available for ipsec clients.This is from my config:
http server enable
http 10.180.1.0 255.255.255.0 inside <-- LAN
http 10.180.20.0 255.255.255.0 outside <-- VPN pool
VPN client can connect to LAN hosts, but not to the LAN asa IP 10.180.1.254. The ASA does not seem to listen to an IP at the vpn pool 10.180.20.0/24 either.
What am I missing here?
Solved! Go to Solution.
09-29-2010 11:13 AM
Also make sure you have enabled the http server.
If still you can't connect enable the "http" debugs and sylogs to get more details.
PK
09-28-2010 07:44 AM
Hello,
You can configure 'management-access inside'. That should allow VPN users to access the inside interface for management purposes. Here is the command reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985
Hope that helps.
-Mike
09-28-2010 07:45 AM
Also, you'll need to update your 'http' and 'telnet' commands to include the IP addresses of the VPN clients.
-Mike
09-28-2010 11:13 PM
I already have that, and yet I can't reach https://lan_ip_of_asa.
What else could it be?
09-29-2010 11:13 AM
Also make sure you have enabled the http server.
If still you can't connect enable the "http" debugs and sylogs to get more details.
PK
09-30-2010 05:38 AM
When I connect with ASDM, I do get the warning about security certificate, "do you want to trust this publisher?", but when I click yes it cant connect.
Telnet behaves pretty much the exact same way, it does connect but the session is immediately resetted - so the telnet windows flashes quickly which is NOT the case if the port is not open for me.
09-30-2010 06:12 AM
I would suggest using the "debug http" to see what the ASA reports when you try ASDM.
PK
10-27-2010 04:29 AM
Hi,
it has been a while. Here's output of 'debug http 255':
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/admin/version.prop] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/idm/idm.jnlp/] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
HTTP: processing ASDM request [/idm/idm.jnlp/] (aware_webvpn_conf.re2c:414)
HTTP: Do not check session. Reasons: not required=[0], no AAA=[1], IPv6=[0]
The user is level 15
Sorry, it works now. Was http server that listened on wrong interface :-)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: