06-08-2010 08:49 AM - edited 03-11-2019 10:56 AM
Hi!
I have an FWSM with this config:
!
interface Vlan35
nameif vlan35
security-level 100
ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2
!
interface Vlan37
nameif vlan37
security-level 5
ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2
!
...
!
ssh 10.10.35.0 255.255.255.0 vlan35
ssh 10.10.35.0 255.255.255.0 vlan37
!
Can somebody please tell me why I can connect to the FWSM from vlan35 to 10.10.35.1 but cannot connect to IP address 10.10.37.1 (from vlan35)?
06-08-2010 10:23 AM
mokhovikov wrote:
Hi!
I have an FWSM with this config:
!
interface Vlan35
nameif vlan35
security-level 100
ip address 10.10.35.1 255.255.255.0 standby 10.10.35.2
!
interface Vlan37
nameif vlan37
security-level 5
ip address 10.10.37.1 255.255.255.0 standby 10.10.37.2
!
...
!
ssh 10.10.35.0 255.255.255.0 vlan35
ssh 10.10.35.0 255.255.255.0 vlan37
!
Can somebody please tell me why I can connect to the FWSM from vlan35 to 10.10.35.1 but cannot connect to IP address 10.10.37.1 (from vlan35)?
By default you can't connect to an interface through the FWSM. So if you want to ssh to int vlan 37 you would need to be on vlan 37 or on a device that is reachable via vlan 37.
You could use the "management-access" command and apply it to vlan 37 and this should allow you to connect from vlan 35.
Jon
06-08-2010 01:07 PM
Jon, thank you for the reply. I've read about this command. Is it correct only for a VPN connection or not?
"The management-access command is supported for the following through an IPSec VPN tunnel only"
06-08-2010 01:10 PM
Hi,
On the ASA firewall, the management-access inside command is only for when terminating a VPN connection on the device.
I guess it is the same for the FWSM.
Federico.
06-08-2010 01:18 PM
mokhovikov wrote:
Jon, thank you for the reply. I've read about this command. Is it correct only for a VPN connection or not?
"The management-access command is supported for the following through an IPSec VPN tunnel only"
Yes, it is only for connectivity via an IPSEC VPN. If you aren't using an IPSEC VPN then you cannot connect to an interface across the FWSM, so to connect to the vlan 37 interface with ssh you would need to connect from a vlan 37 device or a device reachable via the vlan 37 interface.
Jon