Manage ASA from Anyconnect

Mc Nina · ‎08-12-2020

Hello,

I am trying to access the ASA management interface, from Anyconnect.

However, I added the necessary ACLs, but the ASA access management in SSH from the nomad vpn does not work.

I wonder if we can manage the ASA in ssh or other protocols (HTTP, HTTPS) from the anyconnect vpn, knowing that my vpn access arrives on the outside having a security level 0 and the management interface is an interface GE with a security level 100. Below is the configuration of my interfaces:

GigabitEthernet1 / 1 interface
nameif Internet
security level 0
IP address 92.10.172.222 255.255.255.240
!

GigabitEthernet1 / 4 interface
nameif servers
security level 100
IP address 12.28.1.4 255.255.0.0
!

thank you in advance for your help
Dahiya

Rob Ingram · ‎08-12-2020

Hi,

You will need to configure the command "management-access servers" in order to connect to the "servers" (inside) interface for management (ssh, https).

Reference:-

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/118092-configure-asa-00.html

Also check you are permitting access to connect to the ASA from the VPN IP Pool network via SSH/HTTPS

HTH

Mc Nina · ‎08-13-2020

Hello,

Thank you for this feedback.

I added this option, but I still can't access the ASA management via ssh or asdm (https) from the anyconnect vpn.

Thank you for your answers,

Dahiya

Rob Ingram · ‎08-13-2020

Are you permitting access to the inside interface for ssh/https? E.g.

ssh 10.10.0.0 255.255.255.0 INSIDE
http 10.10.0.0 255.255.255.0 INSIDE

Replace 10.10.0.0 255.255.255.0 with your RAVPN network.

If you do have this configured, please provide your configuration for review