ASA RA-VPN to access ASA ASDM

yong khang NG · ‎04-16-2018

Hi All,

Seeking some logic as i going to configure this scenario soon

scenario:

User connecting using AnyConnect client to ASA-HQ outside inteface

So it will grant a DHCP IP pool

My question

How do i able to access the ASA-HQ ASDM, say it enable the ASDM access on inside interface. The VPN IP range is inter-routable between ASA-HQ

Eventually, i facing this problem actually. Maybe i can get conceptual ideas here

Thank

Noel

emre · ‎04-16-2018

hi

you can review the article on the link

https://networklessons.com/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn/

mls577 · ‎04-22-2018

You will need to do a few things to make it work.

step 1. setup the anyconnect vpn. Take note of the ip ranges that you will assign to anyconnect users.

step 2. Set the management interface to inside (or whichever interface you want to be able to connect to from anyconnect). You can do this using the command for example:

management access <interface>
management access inside

step 3. allow asdm access from users coming in from anyconnect (using anyconnect ip range). For example:

http <ip range assigned to anyconnect users> <subnet mask>  <interface used in management access statement above>

http 10.10.10.0 255.255.255.0 inside

4. Create nat exemption from inside to outside (anyconnect ip range sources from the outside interface)

nat (inside, outside) source static <host/network object of inside interface> <host/network object of inside interface> <ip range/network of ips used for anyconnect users> <ip range/network of ips used for anyconnect users>

nat(inside, outside) source static inside-network inside-network destination static anyconnect-network anyconnect-network

Assuming that you have the http server enabled, and have done the above. You should be able to access asdm from anyconnect using the ip address of the inside interface.