04-17-2017 10:25 PM - edited 03-12-2019 02:13 AM
Good Day All,
I have searched through the forums looking for a very specific answer. I can find similar topics regarding it, but I am still unable to solve the issue I am currently facing.
Looking at the above diagram, a user from the 192.10.10.0/24 segment wants to access ASDM of firewall 192.168.51.1 via the inside interface. Users from that segment are able to communicate with each other without any issues, but are unable to access ASDM via the inside interface. What else in my configuration could I still be missing? Let's just assume I have my ACL in place already.
I have enabled the following:
management-access inside
http server enable
http 0 0 inside
http 0 0 mgmt
nat (inside,outside) source static NETWORK_OBJ_192.168.51.0_24 NETWORK_OBJ_192.168.51.0_24 destination static NETWORK_OBJ_192.10.10.0_24 NETWORK_OBJ_192.10.10.0_24 no-proxy-arp route-lookup
What else could I still be missing? Pointers would be great.
04-18-2017 01:55 AM
You should also have -
http remote_subnet outside
This article may help.
http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/118092-configure-asa-00.html
Ajay
04-18-2017 09:42 PM
I have gone through that article before. Doesn't the command:
http 0 0 inside - cover any IP accessing the inside interface?
Although, by allowing "http remote_subnet outside", that is pointing towards the outside interface rather than the inside interface?
04-19-2017 09:41 PM
The remote subnet is not local, hence you should put that on outside. You can simply try that.
Ajay
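An added example, not part of any post in this thread: a small Python check that reads the `http` management statements from an ASA configuration, reports which interfaces' `http` source lists match a given client address, and lists the statements that match any source. The sample configuration is the lines quoted in the first post; the client address 192.10.10.25 is a constructed value, and the check looks only at the `http` source list, not at routing, NAT or the VPN.

```python
import ipaddress

# Constructed sample: the management lines quoted in the first post.
SAMPLE_CONFIG = """\
management-access inside
http server enable
http 0 0 inside
http 0 0 mgmt
"""

def parse_http_rules(config):
    """Return (network, interface) for each 'http <addr> <mask> <if>' line."""
    rules = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "http":
            continue  # skips 'http server enable' and unrelated lines
        addr, mask, ifname = parts[1:]
        # The ASA CLI accepts 0 as shorthand for 0.0.0.0
        addr = "0.0.0.0" if addr == "0" else addr
        mask = "0.0.0.0" if mask == "0" else mask
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # placeholder names such as remote_subnet are not resolved
        rules.append((net, ifname))
    return rules

def interfaces_permitting(rules, client_ip):
    """Interfaces whose http source list matches client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return sorted({ifname for net, ifname in rules if ip in net})

def any_source_rules(rules):
    """Interfaces where management access is open to every source address."""
    return sorted({ifname for net, ifname in rules if net.prefixlen == 0})

if __name__ == "__main__":
    rules = parse_http_rules(SAMPLE_CONFIG)
    print("192.10.10.25 matches on:", interfaces_permitting(rules, "192.10.10.25"))
    print("any-source management on:", any_source_rules(rules))
```

A statement such as `http 192.10.10.0 255.255.255.0 inside` would match the same client while dropping out of the any-source list.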