04-16-2018 07:15 AM - edited 02-21-2020 07:38 AM
Hi All,
Seeking some logic, as I am going to configure this scenario soon.
scenario:
User connecting using AnyConnect client to ASA-HQ outside interface
So it will grant a DHCP IP pool
My question
How am I able to access the ASA-HQ ASDM, say with ASDM access enabled on the inside interface? The VPN IP range is inter-routable between ASA-HQ
Eventually, I am facing this problem actually. Maybe I can get conceptual ideas here.
Thanks
Noel
04-16-2018 07:32 AM
hi
04-22-2018 08:39 AM
You will need to do a few things to make it work.
Step 1. Set up the AnyConnect VPN. Take note of the IP ranges that you will assign to AnyConnect users.
Step 2. Set the management interface to inside (or whichever interface you want to be able to connect to from AnyConnect). You can do this using the command, for example:
management-access <interface>
management-access inside
Step 3. Allow ASDM access from users coming in from AnyConnect (using the AnyConnect IP range). For example:
http <ip range assigned to anyconnect users> <subnet mask> <interface used in management-access statement above>
http 10.10.10.0 255.255.255.0 inside
Step 4. Create a NAT exemption from inside to outside (the AnyConnect IP range sources from the outside interface):
nat (inside,outside) source static <host/network object of inside interface> <host/network object of inside interface> destination static <ip range/network of ips used for anyconnect users> <ip range/network of ips used for anyconnect users>
nat (inside,outside) source static inside-network inside-network destination static anyconnect-network anyconnect-network
Assuming that you have the HTTP server enabled and have done the above, you should be able to access ASDM from AnyConnect using the IP address of the inside interface.
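The four steps in the answer above can be checked against a saved running-config before testing from a VPN client. The script below is an added example, not code from either poster or from Cisco; the function name and the sample config are constructed for illustration, and the `route-lookup` check is not from the thread but reflects Cisco's ASA documentation for `management-access` over VPN with identity NAT.

```python
import ipaddress
import re

# Constructed sample running-config mirroring the commands in the answer above.
SAMPLE_CONFIG = """\
http server enable
http 10.10.10.0 255.255.255.0 inside
management-access inside
nat (inside,outside) source static inside-network inside-network destination static anyconnect-network anyconnect-network
"""

def audit_asdm_over_vpn(config, pool_cidr):
    """Return a list of missing prerequisites (empty list means all present)."""
    pool = ipaddress.ip_network(pool_cidr)
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # Step 2: management-access names the interface reachable through the tunnel.
    mgmt = next((m.group(1) for line in lines
                 if (m := re.fullmatch(r"management-access (\S+)", line))), None)
    if mgmt is None:
        findings.append("no management-access interface set")

    if not any(line.startswith("http server enable") for line in lines):
        findings.append("http server not enabled")

    # Step 3: an http rule on that interface must cover the whole VPN pool.
    covered = False
    for line in lines:
        m = re.fullmatch(r"http (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)", line)
        if m and m.group(3) == mgmt:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            covered = covered or pool.subnet_of(net)
    if not covered:
        findings.append("no http rule on the management-access interface covers the pool")

    # Step 4: identity NAT shape only; object names are not resolved to subnets.
    nat = [line for line in lines if re.match(
        r"nat \(\S+,\S+\) source static (\S+) \1 destination static (\S+) \2\b", line)]
    if not nat:
        findings.append("no identity NAT (exemption) rule found")
    elif not any("route-lookup" in line for line in nat):
        # Not from the thread: Cisco documents route-lookup as required here.
        findings.append("identity NAT rule lacks route-lookup")
    return findings

if __name__ == "__main__":
    print(audit_asdm_over_vpn(SAMPLE_CONFIG, "10.10.10.0/24"))
```

An `http` rule wider than the VPN pool still passes the coverage check, so review its scope separately if ASDM should be reachable only from AnyConnect clients.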