Re: Can not access ASAs inside interface via VPN tunnels

marcel.weeren · ‎08-12-2009

Hi there,

I have a funny problem.

I build up a hub and spoke VPN, with RAS Client VPN access for the central location.

All tunnels and the RAS VPN access are working fine.

I use the tunnels for Voip, terminal server access and a few other services.

The only problem I have is, that I could not access the inside IP address of any of my ASAs, neither via tunnels nor via RAS VPN access. No telnet access and no ping reach the inside interfaces.

No problem when I connect to the interface via a host inside the network.

All telnet statments in the config are ending with the INSIDE command.

On most of the ASAs the 8.2 IOS is running on one or two ASAs the 8.0(4).

For the RAS client access I use the Cisco 5.1 VPN client.

Did anybody have any suggestions?

Regards

Marcel

JORGE RODRIGUEZ · ‎08-13-2009

Marcel,

Simply add on the asas you want to administer through the tunnels

management-access

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985

for asa5505

management-access inside

for all others if you have management interface management0/0 defined then:

management-access management

then you may need to allow the source , for example if RA VPN pool network is 10.20.20.0/24 then you tell asa that network cann administer asa and point access to inside, but sounds you have this part already.

telnet 10.20.20.0 255.255.255.0 inside

http 10.20.20.0 255.255.255.0 inside

same principle for l2l vpns

Regards

Jorge Rodriguez

JORGE RODRIGUEZ · ‎08-14-2009

Marcel, are you all set or still have issues managing asa through ipsec?

Jorge Rodriguez

puseth · ‎08-18-2009

can you add this command in your Asa and test it out...

management-access inside