08-27-2024 10:55 AM
Hello,
I need to be able to access my ASAs via ASDM from one internal network to a different one.
Example:
Workstation:
ip address '192.168.1.2'
Main ASA:
interface 'main', ip address '192.168.1.1', 24-bit mask
interface 'outside', ip address '10.9.8.7'
Remote ASA:
interface 'main', ip address '192.168.2.1', 24-bit mask
interface 'outside', ip address dhcp (but currently has been assigned 10.10.9.8)
The two networks are connected via a Site-to-Site VPN and traffic flows both ways without trouble (except for my issue below).
Now, I can go through Configuration > Management Access > ASDM/HTTPS/Telnet/SSH and have the Main ASA connect to 'outside' *IF* I know the DHCP address of the remote ASA. What I'd like to be able to do is go from 192.168.1.2 and connect via ASDM to 192.168.2.1 on 'main'... but I cannot seem to figure that out. I'd rather not have ASDM access on 'outside' on the Remote ASA because (a) it seems a lot less secure and (b) I may not know what the IP address of 'outside' is at any given time since it's configured for DHCP.
How can I connect to the remote ASA via an inside interface?
Thanks!
08-27-2024 11:00 AM
@maliseet If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can configure the command "management-access <interfacename>" to manage the ASA over the VPN tunnel.
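Added example, not part of the original thread: what the Remote ASA's configuration could look like with the command from the answer above, using the addresses and interface names from the question. Restricting ASDM to the single workstation address rather than the whole 192.168.1.0/24 network is an assumption.

```cisco
! Remote ASA (added example; adjust names and addresses to your own setup)
!
! Let the inside interface 'main' answer management traffic that arrives
! through the VPN tunnel terminating on 'outside'.
! Only one interface can be the management-access interface.
management-access main
!
! Enable the HTTPS server used by ASDM and accept it only from the
! workstation, on 'main'.
http server enable
http 192.168.1.2 255.255.255.255 main
!
! No "http ... outside" entry is required, so ASDM stays closed on the
! DHCP-addressed interface.
!
! If the site-to-site traffic is matched by an identity NAT (NAT exemption)
! rule, that rule needs the route-lookup keyword for management-access to work.
!
! Verify what is in place
show running-config management-access
show running-config http
```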
08-27-2024 11:22 AM
ooh, that did it, thanks!