Re: Manage ASA from outside (ASDM and/or SSH)

David Serarols · ‎03-23-2011

Hi everybody!

I'm having an issue with an ASA 5505 and I don't know if anyone knows a solution.

I have several ASA 5505 widespreaded in branch offices with a VPN. I'd like to manage them from central office, it is from their outside interfaces.

The IP addressing is like this:

LAN branch office-ASA-router-----------routercentral office

10.x.x.x(LAN)- inside ASA (10.x.x.x)-outside ASA (192.168.1.1)-router (192.168.1.100)--------router central office

Is it possible to manage the ASA inside (10.x.x.x) from central office? I tried with ACL or configuring same security levels, but I thunk this is something not allowed by ASA design.

Does anybody know?

Thank you in advance,

David

PAUL GILBERT ARIAS · ‎03-23-2011

Your central offices is on the outside, right? If you are not coming through a VPN tunnel you won't be able to manage the ASA on it's inside interface only the outside.

Sent from Cisco Technical Support iPhone App

David Serarols · ‎03-23-2011

Paul, I'm afraid you're right :-(

Managing ASA by the outside interface is a problem for us, because we have there non-reacheable IP. Let me clarify the scenario:

BRANCH OFFICE

LAN: Reachable network. 10.38.176.112/28

inside: 10.38.176.113

outside: 192.168.1.5

ethernet ADSL router: 192.168.1.10

.

ANOTHER BRANCH OFFICE (outside and ethernet router are the same!!!!)

LAN: Reachable network. 10.38.176.0/28

inside: 10.38.176.1

outside: 192.168.1.5 (unreacheable)

ethernet ADSL router: 192.168.1.10

CENTRAL OFFICE

10.178.50.0/24. From this network we can reach all 10.38.176.x/28 networks, but not 192.168.1.0/24 becasue they are the same :-(

So I need to manage ASA by its inside interface. I'm afraid Cisco doesn't allow this.

PAUL GILBERT ARIAS · ‎03-23-2011

I understand. You can't do that here. Too bad.

David Serarols · ‎03-24-2011

Thanks, Paul.

I'll wait if anybody knows a way to do it.