cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2552
Views
0
Helpful
3
Replies

ASDM access with Remote VPN

leelove01
Level 1
Level 1

I have a cisco ASA 5510 that I have set up currently to access via ASDM through the Inside interface. When I VPN in using our older VPN server I can connect to it fine. 

I recently set up the ASA to also be a VPN server which will eventually replace the older server for our HQ.  I noticed that when I'm VPN using the ASA as the VPN server, I can only ASDM to the public which I prefer not to allow.  Access to the inside doesn't seem to work this way.  Any ideas as to what might be causing this?  I would post configurations for assistance but I'm unsure what configurations if any would be causing this.  I'm assuming it's some thing I need to adjust in the VPN configuration.  Any help would be appreciated.  Thanks!

Lee

1 Accepted Solution

Accepted Solutions

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

Can you add the following command and give it a try.

ASA(config)# management-access inside

If that does not help we will need to make captures to see if the packets are reaching the inside interface

capture capin interface inside circular-buffer

capture capin match tcp host x.x.x.x (VPN client) host x.x.x.x (ASA_inside_ip) eq 443

Then attempt to connect and provide us the:

show cap capin

Regards,

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

3 Replies 3

varrao
Level 10
Level 10

What's the version of ASA that you are using.

Varun

Thanks,
Varun Rao

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

Can you add the following command and give it a try.

ASA(config)# management-access inside

If that does not help we will need to make captures to see if the packets are reaching the inside interface

capture capin interface inside circular-buffer

capture capin match tcp host x.x.x.x (VPN client) host x.x.x.x (ASA_inside_ip) eq 443

Then attempt to connect and provide us the:

show cap capin

Regards,

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for the responses.  Your post was the correct response needed.  I had actually found it on this site under another post just before you posted here.  I appreciate all the help as this now has fixed the issue.  Thanks. 

Lee

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: