Solved: Connect to firewall SSH or ASDM from VPN

Brendan Wood · ‎03-21-2013

Hello,

I've created an AnyConnect VPN which the client is assigned an IP from the IP Pool 10.20.20.0/255.255.255.224.

I've tried to create an entry in the management access tab with the following settings, and it is not working;

Type:ASDM/HTTPS, Interface:Inside, IP Address 10.20.20.0, Mask: 255.255.255.224.

I've also tried setting the interface to outside - no improvement.

Any tips are welcome.

Javier Portuguez · ‎03-21-2013

Hi Brendan,

Please check these three basic things:

1- The internal network of the ASA is included in the split-tunnel ACL (if configured).

2- Make sure you have the following command: management-access inside

3- Make sure that the identity NAT entry for this traffic has the route lookup at the end. *

ie. nat (inside,outside) source static LAN LAN destination AnyConnect AnyConnect no-proxy-arp route-lookup *

* Assuming that you are running 8.4+

HTH.

Portu.

Julio Carvajal · ‎03-21-2013

Hello,

What version are you running, are you able to ping the inside interface from the anyconnect client?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Javier Portuguez · ‎03-21-2013

Hi Brendan,

Please check these three basic things:

1- The internal network of the ASA is included in the split-tunnel ACL (if configured).

2- Make sure you have the following command: management-access inside

3- Make sure that the identity NAT entry for this traffic has the route lookup at the end. *

ie. nat (inside,outside) source static LAN LAN destination AnyConnect AnyConnect no-proxy-arp route-lookup *

* Assuming that you are running 8.4+

HTH.

Portu.

Brendan Wood · ‎03-22-2013

Thanks Javier.

Brendan Wood · ‎03-22-2013

It was actually the management-access inside that was not set. Everything is fine now, thanks.

Javier Portuguez · ‎03-23-2013

Great

Keep it up!!