Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2043
Views
0
Helpful
4
Replies

ASA Management on the outside interface from the inside

Go to solution
jacques_henry696
Level 1
Level 1

‎03-04-2011 12:35 AM - edited ‎03-12-2019 06:01 PM

Hello,

Is it possible to manage (via the ASDM) my ASA from a *inside* LAN to the *outside* interface? I know this might sound crazy but believe me, I have good reasons.

Just to show you:

                                            inside if                    outside if

                                    (security level 0            security level 0

                                        10.0.0.254)                  11.0.0.254)

Admin Workstation  ------------------+------------ASA-----------+----------------

(10.0.0.1)

The following commands are enabled:

# same-security-traffic permit inter-interface

# http 10.0.0.0 255.0.0.0 inside

and the filtering rules are set to allow eveything.

However I cannot ping my outside interface from my workstation and the ASDM doesn't launch...

Any idea?

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to jacques_henry696

‎03-05-2011 03:33 PM

Hello Jacques,

I understand, many customers ask the same question, unfortunately cisco only documented Ping, and it was on the command reference for ASA 7.0, check on the following:


"For  security purposes the security appliance does not support far-end  interface ping, that is pinging the IP address of the outside interface  from the inside network"

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html

If you have any other questions let me know.

Mike

Mike

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee

‎03-04-2011 06:07 PM

Hello Jacques,

No it is not possible. You are only able to access your directly connected interface because of security reasons. It is not configurable and it is by ASA design.

Cheers

Mike Rojas

Mike
0 Helpful

Go to solution
jacques_henry696
Level 1
Level 1
In response to Maykol Rojas

‎03-05-2011 11:41 AM

Hi Mike,

Thanks for your answer. That's what I was afraid of...

I honestly do believe your word but as I have to justify my work can you redirect me to any cisco documentation I can refer to? I hope you won't take it the wrong way...

Thanks again!

0 Helpful

Go to solution
Maykol Rojas
Cisco Employee
Cisco Employee
In response to jacques_henry696

‎03-05-2011 03:33 PM

Hello Jacques,

I understand, many customers ask the same question, unfortunately cisco only documented Ping, and it was on the command reference for ASA 7.0, check on the following:


"For  security purposes the security appliance does not support far-end  interface ping, that is pinging the IP address of the outside interface  from the inside network"

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/trouble.html

If you have any other questions let me know.

Mike

Mike
0 Helpful

Go to solution
jacques_henry696
Level 1
Level 1
In response to Maykol Rojas

‎03-06-2011 08:47 AM

That's what I was looking for!

Many thanks again!

Cheers

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card