Re: ASA Management/NAT Problem

paul.pearston · ‎12-21-2007

Hi All,

I appear to have a NAT problem with ASA build 7.2(3). I cannot SSH or SSL (with CSM) through the inside interface to the outside interface i.e. I want to manage the device on its external interface. I want to manage the device on its external interface as I have a second CSM server at a remote site. I receive the following errors when I SSH from an internal host to the external interface:

%ASA-6-302013: Built inbound TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 (x.x.x.x/3265) to NP Identity Ifc:y.y.y.y/22 (y.y.y.y/22)

%ASA-6-302014: Teardown TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 to NP Identity Ifc:y.y.y.y/22 duration 0:00:00 bytes 0 TCP Reset-I

Both the external and internal interface are logical interfaces on the same physical. Could this be the problem?

Thanks,

Paul

srue · ‎12-21-2007

do you have "management-access outside" configured?

why don't you post your config.

paul.pearston · ‎12-21-2007

Hi,

Thanks for the tip, however, I still cannot connect. When I try to establish a SSL connection from the remote CSM server to the internal interface of the local ASA I get a anti spoof error:

Deny IP spoof from (x.x.x.x) to y.y.y.y on interface TRANSIT

And, when I try to establish a SSL or SSH from the local CSM server to the external interface of the local ASA. I get the NP Indentity error previously posted.

I can't post the configs because its a clients network i.e. I don't have permission.

Thanks,

Paul