Re: ASA 5505 access

mrSS · ‎02-22-2011

hello everybody,

I have the strangest issue when trying to access my asa from work. So I leave my pc up and running at home, every now and then I like to access it from work but in order for me to access it remotely via ssl vpn or ipsec vpn, I have to have a browser up on my pc. Any of you guys know why? If I dont have any browser up on the pc, I cant access my ssl page on the firewall or even ipsec vpn.

Thanks in advance

Jitendriya Athavale · ‎02-22-2011

hi could you please brief us a little more on wht is happening

if i understand you are able to vpn in to the box but you are not able to access the firewall through the vpn or you are not able to access your PC through the VPN, what exactly are you trying access via VPN

mrSS · ‎02-22-2011

thanks for the reply..

ok let me see if i can describe this better...

so if my browser is open on my pc, i can access my asa via ssl or ipsec. if no browsers are open on my pc, i cannot access my asa via ssl or ipsec. The problem is not with VPN access, its possibly something to do with the ASA and open tcp/udp connections. Im hoping somebody can answer why this is happening.

thanks again..

Jitendriya Athavale · ‎02-22-2011

is your PC the only device connected to your ASA, also what happens if you PC is up and your browser is not open

I am guess that if for some reason your PC when there is nothing running on it goes to sleep or standby and the line protocol goes down on the inside of ASA making it inaccessible

Also i suggest you enable ssh access from outside and login and see what is happening,

Also how are you accessing the firewall, do you login to the PC and then login to the firewall from there or directly login to the firewall using the inside ip

mrSS · ‎02-22-2011

is your PC the only device connected to your ASA, also what happens if you PC is up and your browser is not open

if the browser is not open, i cant access the SSL page from my ASA remotely

I am guess that if for some reason your PC when there is nothing running on it goes to sleep or standby and the line protocol goes down on the inside of ASA making it inaccessible

the pc doesnt go idle or sleep mode..its stays up 24/7...i thought that was the case as well, but it wasnt.

Also i suggest you enable ssh access from outside and login and see what is happening,

yeah, i can give that a try as well...but if my browser is closed, im back to square one.

Also how are you accessing the firewall, do you login to the PC and then login to the firewall from there or directly login to the firewall using the inside ip

im really accessing the SSL page from the firewall then have a VNC plugin to remote into my pc. I have accessed the firewall ASDM page remotely but ran into the same issue as noted.

Jitendriya Athavale · ‎02-22-2011

i dont hitnk you need to worry about the PC to access it from outside ip

mrSS · ‎02-22-2011

Im not worried about the PC access from the outside IP....I want to know why I need to have an open TCP session (being a browser) on my PC in order for me to access my ASA via SSL or IPSEC remotely.

Jitendriya Athavale · ‎02-22-2011

k lets see what the issue

can you please try this

connect to vpn

access the fw using the outside ip,now try to access the inside ip of the firewall and check the output of show crypto ipsec sa and check the ocunters if they are encrypting and decrytping

also i hope you already have management-access inside command