Beginner

ASA 5505 intervlan ASDM/SSH Access

Hello,

I am running into an issue that I cannot seem to figure out. I have an ASA 5505 with the Security Plus license. I set up a native VLAN where all of my network devices sit, i.e. my wireless access point has an IP of 192.168.3.2, my switch .3. I have no issues managing these devices from any VLAN I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH, I have to use the gateway of the VLAN I am on. For instance, if I am on VLAN 10 I have to use 192.168.10.1 for access, if I am on VLAN 20 I type 20.1, etc. If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the VLAN that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway?

Cisco Employee

ASA 5505 intervlan ASDM/SSH Access

Yes, that is how the ASA works. You can only manage the ASA on the interface where you are connected from, not crossing the interface, with one exception: if you are trying to manage the ASA via a VPN tunnel, then you can manage 1 cross interface.

Beginner

Re: ASA 5505 intervlan ASDM/SSH Access

So this is by design? If I set up an interface for management only and patch it into my switch, would I then be able to manage the ASA from any VLAN?

Cisco Employee

Re: ASA 5505 intervlan ASDM/SSH Access

The management-only command just tells the ASA to just pass all the "to the box" traffic, which is typically SSH, Telnet, HTTP, to the ASA. It's not going to alter the behaviour of the ASA and permit management from any VLAN.

But like Jennifer said, you can manage that same interface designated as management-only through the VPN.

The command for the same is "management-access "

Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985

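The behaviour described in the replies, as an added configuration example that is not from the original thread or the poster's sanitized config. The interface names (`mgmt`, `vlan10`, `vlan20`) and the /24 masks are assumptions; the subnets follow the addresses mentioned in the question.

```text
! Constructed example. nameif names (mgmt, vlan10, vlan20) and the
! 255.255.255.0 masks are assumptions, not taken from the thread.
! VLAN 3 = 192.168.3.0, VLAN 10 = 192.168.10.0, VLAN 20 = 192.168.20.0.
!
! Enable the HTTPS server that ASDM connects to.
http server enable
!
! Each statement permits a source subnet on the interface that subnet
! is attached to. A client in VLAN 10 manages the ASA at 192.168.10.1.
http 192.168.3.0 255.255.255.0 mgmt
http 192.168.10.0 255.255.255.0 vlan10
http 192.168.20.0 255.255.255.0 vlan20
ssh 192.168.3.0 255.255.255.0 mgmt
ssh 192.168.10.0 255.255.255.0 vlan10
ssh 192.168.20.0 255.255.255.0 vlan20
!
! Per the replies, a line such as "ssh 192.168.10.0 255.255.255.0 mgmt"
! does not make 192.168.3.1 reachable from VLAN 10: the connection
! arrives on vlan10 and the ASA does not accept management traffic
! addressed to a different interface.
!
! The VPN exception from the replies: name the one interface whose
! address tunnel users may manage the ASA on.
management-access mgmt
```

Keeping each `http` and `ssh` statement scoped to a specific subnet, rather than permitting any source, limits which hosts can reach the management plane on each VLAN.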