Problem with reaching the active ASA Firepower 1150 through VPN

irag2211 · ‎12-05-2024

Hi,

I have configure Remote Access VPN on 2 ASA Firepower 1150, one is active and the other standby.

When i connect VPN on my Pc the connection is ok but i can't open through ssh or ASDM active ASA , where the VPN is set up. Whereas the Standby ASA is reachable through VPN (ssh and ASDM), but all trafic (even my connection) goes to Active one so for me is no needed the Standby ASA but Active.

Can anyone suggest what the causes could be?

Thank You!

DanielP211 · ‎12-05-2024

Hello!

You need to configure the command:
management-access ZONE

http X.X.X.0 255.255.255.0 ZONE

ssh X.X.X.0 255.255.255.0 ZONE

And then connect to the IP in that interface.

BR

****Kindly rate all useful posts*****

irag2211 · ‎12-06-2024

Hi Daniel,

The configuration which is done:

http X.X.X.X 255.255.255.255 mgmt ----- for the static ip i use through VPN

http X.X.X.0 255.255.255.0 mgmt ------ for the subnet i use on office

ssh X.X.X.X 255.255.255.255 mgmt ----- for the static ip i use through VPN

ssh X.X.X.0 255.255.255.0 mgmt ------ for the subnet i use on office

Are the confugurations right?

When i'm on office i can open from ssh/https both ASA-s Active and Standby, but when i'm at home through VPN i can open only the Standby ASA from https/ssh, the Active ASA cant open neither ssh/https. As i say above devices are configured on HA Failover Active/Standby, so the configurations are the same because every change in Active also changes in Standby.

Thanks