04-26-2018 12:25 AM - edited 02-21-2020 07:40 AM
We have L2L VPN between 2 sites working without any issue, except we are not able to access ssh/asdm of remote ASA (DR) from local LAN of local ASA (HQ).
We have followed this Cisco document.
We have:
1. route-lookup for No-NAT subnets (local and remote ASA)
2. management-access inside (remote ASA)
3. SSH/HTTP allowed on inside interface (remote ASA)
4. SSH/HTTP allowed on outside interface (remote ASA)
5. Routing is okay
6. We can see packet leaves local ASA and hits remote ASA (ASDM monitoring).
Your input is highly appreciated, and we look forward to a positive response.
Thanks & Regards
Ahmed...
04-26-2018 12:40 AM
Have you included the ASA inside interface that you are trying to connect to in the crypto ACL? Would help if you posted the full running configuration for both sides of the tunnel. Remember to remove any public IPs, usernames, passwords, and hostname of the devices.
04-26-2018 12:49 AM
Yes included, I will post the desired config soon
Thank You
04-26-2018 01:46 AM
04-26-2018 02:09 AM
04-26-2018 02:26 AM
This is just a partial configuration. Please provide a full configuration of the two ASAs (remember to remove public IPs, usernames, passwords).
Or at least provide us with all Crypto configuration, NAT configuration, routing configuration, and information on which IP you are trying to access the ASA from.
04-26-2018 02:10 AM
Ping is blocked in whole path (Cisco ASA, CheckPoint Firewall and Perimeter router).
I have not done this "capture type asp-drop match ip host ...".
04-26-2018 12:04 PM
04-27-2018 11:32 AM
After capturing packets and packet tracer, I found that the traffic was hitting different natting which did not have the route-lookup command, so after rectifying natting, ASDM was accessible.
Thanks for your input.
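The resolution above comes down to NAT rule order: the first manual NAT rule that matches the management flow decides whether the ASA performs a route lookup. The following Python script is an added example, not from the thread; it walks a config top-down and reports whether that first matching rule carries `route-lookup`. The object names, addresses and config lines are constructed, and it assumes identity twice-NAT rules written over `object network` subnets only.

```python
import ipaddress
import re

# Constructed sample of a remote (DR) ASA config; names and addresses are made up.
SAMPLE_CONFIG = """\
object network DR-LAN
 subnet 10.20.0.0 255.255.255.0
object network HQ-LAN
 subnet 10.10.0.0 255.255.255.0
object network HQ-ALL
 subnet 10.10.0.0 255.255.0.0
nat (inside,outside) source static DR-LAN DR-LAN destination static HQ-ALL HQ-ALL no-proxy-arp
nat (inside,outside) source static DR-LAN DR-LAN destination static HQ-LAN HQ-LAN no-proxy-arp route-lookup
"""

OBJ = re.compile(r"^object network (\S+)\n subnet (\S+) (\S+)$", re.M)
# Identity twice-NAT: real and mapped object are the same name on both sides.
NAT = re.compile(r"^nat \((\S+),(\S+)\) source static (\S+) \3 "
                 r"destination static (\S+) \4(.*)$", re.M)

def parse_objects(config):
    """Map each 'object network' name to its subnet."""
    return {name: ipaddress.ip_network(f"{net}/{mask}")
            for name, net, mask in OBJ.findall(config)}

def first_matching_nat(config, asa_inside_ip, client_ip):
    """Return (rule_text, has_route_lookup) for the first identity NAT rule
    covering the management flow, or None. Rules are evaluated top-down."""
    objs = parse_objects(config)
    asa = ipaddress.ip_address(asa_inside_ip)
    client = ipaddress.ip_address(client_ip)
    for m in NAT.finditer(config):
        src, dst = objs.get(m.group(3)), objs.get(m.group(4))
        if src is None or dst is None:
            continue  # rule references an object this parser did not resolve
        if asa in src and client in dst:
            return m.group(0), "route-lookup" in m.group(5).split()
    return None

if __name__ == "__main__":
    rule, ok = first_matching_nat(SAMPLE_CONFIG, "10.20.0.1", "10.10.0.50")
    print(("OK: " if ok else "MISSING route-lookup: ") + rule)
```

In the constructed sample the broader `HQ-ALL` rule sits first and lacks `route-lookup`, so it shadows the correct rule below it, which is the situation the post describes.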
04-28-2018 12:44 AM
This is why I keep asking for the full running configuration of the ASA as there might be some configuration that people think is not relevant but it actually is.
Glad you found the solution though
04-26-2018 12:39 PM
Is this by any chance an ASA5506 configured with BVI?