cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
655
Views
5
Helpful
4
Replies

Connect to outside ip addresses of ASA from inside

mikedelafield
Level 1
Level 1

Hello.

This has been asked before I think, but I can't believe its not possible.

I would like to connect to an outside interface IP address from the inside network of an ASA. Either ping or otherwise.

Additionally I would like to ping the inside interface IP of an ASA across a VPN link. This also appears not to be possible.

Any ideas?

4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

Mike

"I would like to connect to an outside interface IP address from the inside network of an ASA. Either ping or otherwise."

Correct, by design this is not possible.

"Additionally I would like to ping the inside interface IP of an ASA across a VPN link. This also appears not to be possible"

This you can do with the management-access command -

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Jon

Thanks Jon.

I had just stumbled on the management access option! Thanks anyway.

As for the other part I guess it makes sense that you cannot connect to the outside/NAT addresses; as any IP addresses they translate to must by definition already be on the inside and accessible directly!

Mike

hi Guys,

so there is no way to arrange communication?

i would need this for following:

one of my inside networks is a WLAN and from there i would like to allow VPN access to the ASA, works fine if i use the Interface IP adress of that network.

So do i need to have two connection profiles?

one from outside with peer of the outside ipaddress

and one form inside_wlan with peer of wlan interface ip address?

i would like to have just one connecitno profile using the outside ipaddress, but this does not work? Is there now way to do this?

Yeah, that would not be possible.

You need to have two different profiles and two different crypto maps, one of the outside interface and one on the inside_wlan network with the outside IP and the Inside_WLAN ip respectively.

Cheers,

Nash.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: