
Add network allowed to connect via ASDM

Willard Dennis
Level 1

Hi all,

I have a situation that I'm trying to improvise a solution to... We have lost our main Internet connection, which is used to connect (via a L2L IPsec tunnel) our branch office to us. So now I'm trying to bring up a VPN tunnel on another available Internet connection we have, but I cannot connect to the ASA via ASDM because the ruleset on the remote ASA is set to only allow conn's from our public IP block (which is the one that's down.) I don't have a local ASA to look at; can someone tell me how to configure the remote ASA to allow another netblock to connect to it via ASDM/SSH? I'll have to walk the remote site admin thru the config, so I need pretty explicit instructions.

Thanks!

1 Accepted Solution


John Blakley
VIP Alumni

asa> enable

asa# conf t

asa(config)# ssh 0.0.0.0 0.0.0.0 outside

That should do it...you'll be able to ssh into the box, but so will everyone else, so don't keep it up too long. (Obviously, they'll need a username/password to get into it.) You can put the explicit address that you're coming from if you want with a 32-bit mask (192.168.1.1 255.255.255.255 outside), but if you lose that address then you'll need to do it over again.

ASDM:

Same premise, but like:

http 0.0.0.0 0.0.0.0 outside

Definitely remove these when you're done....

HTH,

John
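Added example, not part of the post above and not Cisco tooling: a small Python check that reads saved `show running-config` text, finds `ssh`/`http`/`telnet` management-access lines left open to very broad sources on the outside interface, and prints the matching `no ...` commands for cleanup once the tunnel is back. The function names, the `min_prefix` threshold, and the sample config (which uses the documentation range 203.0.113.0/24) are assumptions made for illustration.

```python
import ipaddress
import re

# Matches management-access lines such as "ssh 0.0.0.0 0.0.0.0 outside".
# Lines like "http server enable" or "ssh timeout 5" do not match.
RULE = re.compile(
    r"^(ssh|http|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def parse_mgmt_rules(running_config):
    """Return (service, network, interface, line) for each management rule."""
    rules = []
    for raw in running_config.splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m:
            continue
        svc, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # not a valid address/netmask pair
        rules.append((svc, net, ifname, line))
    return rules

def cleanup_commands(running_config, interface="outside", min_prefix=8):
    """'no ...' commands for rules on `interface` broader than /min_prefix.

    min_prefix=8 is an assumed threshold; 0.0.0.0 0.0.0.0 is prefix length 0.
    """
    return [f"no {line}"
            for _svc, net, ifname, line in parse_mgmt_rules(running_config)
            if ifname == interface and net.prefixlen < min_prefix]

# Constructed sample config (not taken from any real device).
SAMPLE = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 203.0.113.0 255.255.255.0 outside
ssh timeout 5
"""

if __name__ == "__main__":
    for cmd in cleanup_commands(SAMPLE):
        print(cmd)
```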


Willard Dennis
Level 1

OK, that did it... I was able to get in. Thanks!
