284 Views, 0 Helpful, 0 Replies

Can access either hosts in management VLAN or ASA management IP

mcgiga
Level 1

Hi,

Another posting, another issue.

The ASA is located in management VLAN 100. That VLAN is terminated on the ASA, so I am able to access the ASA from an internal PC in this VLAN.

Between the internal VLANs and the ASA is a transit network.

I can access the ASA IP address via VPN (ASDM, SSH). For this, "lookup route table to locate egress interface" is set in the NAT rule and the management interface is set to VLAN management.

Now I am not able to access hosts of the management VLAN via VPN.
192.168.100.50 = Switch in management VLAN
192.168.150.1 = VPN client

Firewall log shows: 192.168.100.50 443 192.168.150.1 50922 Deny TCP (no connection) from 192.168.100.50/443 to 192.168.150.1/50922 flags SYN ACK on interface Transit-Net

When I disable "lookup route table to locate egress interface", I am able to access all hosts in the management VLAN but not the ASA management IP address.

I guess it has something to do with the management VLAN being terminated on the ASA as a subinterface.

I suspect I have to somehow route all traffic for 192.168.100.0 through the transit net, including the ASA IP address, OR force the ASA to send all traffic for the management VLAN through the transit net except the ASA's IP address, because the ASA could reach it directly via the management subinterface.

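The firewall log line quoted in the post is the key piece of evidence: a "Deny TCP (no connection)" for a packet carrying SYN ACK means the ASA received the server's reply on an interface where it never built a connection for the client's SYN, which is the signature of an asymmetric forward/return path. The following is an added example, not code from the post or from Cisco: a small Python triage script that parses ASA "Deny ... (no connection)" messages in the format shown above, classifies them, and names the client-to-server flow the ASA has no state for. The sample log lines other than the one from the post are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches the body of the ASA "Deny <proto> (no connection)" syslog message
# quoted in the post. The ASDM log viewer prefixes the message with separate
# source/port/destination/port columns; those are ignored here because the
# same values appear again inside the message text.
DENY_NO_CONN = re.compile(
    r"Deny (?P<proto>TCP|UDP) \(no connection\) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+)"
    r"(?: flags (?P<flags>[A-Z ]+?))? on interface (?P<iface>\S+)"
)


@dataclass(frozen=True)
class DenyEvent:
    proto: str
    src: str                 # sender of the denied packet
    sport: int
    dst: str
    dport: int
    flags: Tuple[str, ...]   # TCP flags as printed by the ASA, () for UDP
    iface: str               # interface the ASA received the packet on


def parse_deny(line: str) -> Optional[DenyEvent]:
    """Return a DenyEvent for a 'Deny ... (no connection)' line, else None."""
    m = DENY_NO_CONN.search(line)
    if not m:
        return None
    flags = tuple(m.group("flags").split()) if m.group("flags") else ()
    return DenyEvent(
        proto=m.group("proto"),
        src=m.group("src"),
        sport=int(m.group("sport")),
        dst=m.group("dst"),
        dport=int(m.group("dport")),
        flags=flags,
        iface=m.group("iface"),
    )


def classify(ev: DenyEvent) -> str:
    """Explain what a 'no connection' deny most likely means.

    The ASA only forwards TCP segments that belong to a connection it created
    when it saw the initial SYN. A SYN ACK with no matching connection means
    the server's reply reached the ASA on an interface where the client's SYN
    was never seen: the outbound and return paths differ. Other flag
    combinations are usually leftovers of a connection that was already torn
    down or timed out.
    """
    if ev.proto == "TCP" and {"SYN", "ACK"} <= set(ev.flags):
        return "asymmetric-return"
    return "stale-or-unsolicited"


def missing_forward_flow(ev: DenyEvent) -> str:
    """Describe the client-to-server flow the ASA has no state for.

    The denied packet is the server's reply, so the missing flow runs the
    other way round: dst:dport -> src:sport.
    """
    return (f"{ev.proto} {ev.dst}:{ev.dport} -> {ev.src}:{ev.sport} "
            f"(no state on {ev.iface})")


def triage(lines: List[str]) -> List[dict]:
    """Parse and classify every matching line; non-matching lines are skipped."""
    out = []
    for line in lines:
        ev = parse_deny(line)
        if ev is None:
            continue
        verdict = classify(ev)
        out.append({
            "event": ev,
            "verdict": verdict,
            "missing_flow": missing_forward_flow(ev) if verdict == "asymmetric-return" else None,
        })
    return out


# Constructed sample: the first entry is the message from the post; the rest
# are made-up lines that exercise the other branches.
SAMPLE_LOG = [
    "192.168.100.50 443 192.168.150.1 50922 Deny TCP (no connection) from "
    "192.168.100.50/443 to 192.168.150.1/50922 flags SYN ACK on interface Transit-Net",
    "Deny TCP (no connection) from 10.0.0.5/22 to 10.0.1.9/41000 flags FIN ACK on interface inside",
    "Deny UDP (no connection) from 10.0.0.7/53 to 10.0.1.9/50000 on interface inside",
    "Teardown TCP connection 12345 for inside:10.0.1.9/41000 to outside:10.0.0.5/22",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['verdict']:<22} {r['missing_flow'] or ''}")
```

Run against the post's line, the script reports the flow 192.168.150.1:50922 -> 192.168.100.50:443 as having no state on Transit-Net, which is exactly the question to answer in a packet capture or `packet-tracer` run: which interface did the ASA send the VPN client's SYN out of, and why did the reply come back on a different one?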