06-08-2016 07:33 AM - edited 03-12-2019 12:51 AM
Hi.
I have two ASA 5500 series devices. One is used as an internet border device; the second is used to subdivide the internal enterprise network. I connect to the enterprise network remotely via the first ASA and try to connect to the management interface of the second one. When I do, packets reach the second ASA's outside interface with the lowest security level and are discarded. Is there any way to reach the management interface of the second ASA through the outside interface of the second ASA?
06-09-2016 06:45 AM
Hi,
Could you share the show route output and the subnets in which the interfaces are on both ASAs,
so that I can have a clear understanding of the routes and suggest further?
Looks like we can do this by adjusting the routing.
Thanks,
Ankita
06-10-2016 12:06 AM
I've found the answer to my question.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/admin-management.html
SSH access to an interface other than the one from which you entered the ASA is not supported. This is also true for telnet and http.
Thanks to all.
06-13-2016 12:48 AM
Hi,
Could you share a small topology for your network, using GNS or something else?
I think this is what you have:
Internet --------- (outside) ASA1
                              |
                              |
                              |
                             ASA2
06-13-2016 03:27 AM
Internet --------(outside)ASA1(inside1)----------(inside1)ASA2(inside2)
<---VPN--->
I tried to connect from the internet to inside2. It doesn't work because I reach ASA2 through inside1. To connect to ASA2 I should use inside1 of ASA2 only.
06-13-2016 03:50 AM
Hi Asder,
Yeah that's right and this is how ASA works by design :)