03-23-2011 09:03 AM - edited 03-11-2019 01:11 PM
Hi everybody!
I'm having an issue with an ASA 5505 and I don't know if anyone knows a solution.
I have several ASA 5505 widespreaded in branch offices with a VPN. I'd like to manage them from central office, it is from their outside interfaces.
The IP addressing is like this:
LAN branch office-ASA-router-----------routercentral office
10.x.x.x(LAN)- inside ASA (10.x.x.x)-outside ASA (192.168.1.1)-router (192.168.1.100)--------router central office
Is it possible to manage the ASA inside (10.x.x.x) from central office? I tried with ACL or configuring same security levels, but I thunk this is something not allowed by ASA design.
Does anybody know?
Thank you in advance,
David
03-23-2011 09:24 AM
Your central offices is on the outside, right? If you are not coming through a VPN tunnel you won't be able to manage the ASA on it's inside interface only the outside.
Sent from Cisco Technical Support iPhone App
03-23-2011 01:43 PM
Paul, I'm afraid you're right :-(
Managing ASA by the outside interface is a problem for us, because we have there non-reacheable IP. Let me clarify the scenario:
BRANCH OFFICE
LAN: Reachable network. 10.38.176.112/28
inside: 10.38.176.113
outside: 192.168.1.5
ethernet ADSL router: 192.168.1.10
.
.
.
ANOTHER BRANCH OFFICE (outside and ethernet router are the same!!!!)
LAN: Reachable network. 10.38.176.0/28
inside: 10.38.176.1
outside: 192.168.1.5 (unreacheable)
ethernet ADSL router: 192.168.1.10
CENTRAL OFFICE
10.178.50.0/24. From this network we can reach all 10.38.176.x/28 networks, but not 192.168.1.0/24 becasue they are the same :-(
So I need to manage ASA by its inside interface. I'm afraid Cisco doesn't allow this.
03-23-2011 02:22 PM
I understand. You can't do that here. Too bad.
03-24-2011 12:50 AM
Thanks, Paul.
I'll wait if anybody knows a way to do it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: