11-26-2008 06:28 AM - edited 03-11-2019 07:18 AM
Hello,
I have a ASA5505 and a ASA5510 successfully setup and running a site to site VPN. I can manage (SSH and ASDM) the local ASA without any problems. I'm unsuccessful when trying to manage the remote ASA.
- Should I be connecting to the outside interface or the inside interface on the remote ASA?
- Do I need ACLs to allow the traffic (I've tried and have been unsuccessful)?
Attached you'll find a network diagram for easier analysis.
I'd post the ASA configs but I'm not sure what would be relevant. Any help is much appreciated.
Matt
Solved! Go to Solution.
11-26-2008 07:23 AM
If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:
Let's say your inside interface on the ASA is 10.0.0.1:
ssh 10.0.0.0 255.255.255.0 inside
If your remote site is 10.50.0.0/24 then add:
ssh 10.50.0.0 255.255.255.0 inside
Let me know if this works :-)
HTH,
John
11-26-2008 07:32 AM
In addition to John's post.
For managing the asa over an Ipsec tunnel you also need magament-access
where name_if whichever management interface you define in your fw.
for example typical scenario
asa(config)#management-access inside
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497
Rgds
Jorge
11-26-2008 07:23 AM
If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:
Let's say your inside interface on the ASA is 10.0.0.1:
ssh 10.0.0.0 255.255.255.0 inside
If your remote site is 10.50.0.0/24 then add:
ssh 10.50.0.0 255.255.255.0 inside
Let me know if this works :-)
HTH,
John
11-26-2008 07:32 AM
In addition to John's post.
For managing the asa over an Ipsec tunnel you also need magament-access
where name_if whichever management interface you define in your fw.
for example typical scenario
asa(config)#management-access inside
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497
Rgds
Jorge
11-26-2008 07:52 AM
That was it. THANKS FOR THE HELP.
Matt
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide