Hi,

asder3030 · ‎06-08-2016

Hi.

I have two ASA 5500 series. One used as internet border device, second is used for subdivide internal enterprise network. I connect to enterprise network remotely via first ASA and try to connect to management interface of the second one. When i do it packets reach second ASA's outside interface with lowest security level and being discarded. Is there any way to reach management interface of the second ASA through outside interface of the second ASA?

ankojha · ‎06-09-2016

Hi,

Could you share the show route and subnets in which the interfaces are on both ASA's

so that I can have clear understanding of the routes and suggest further.

looks like we can do this by adjusting the routing.

Thanks,

Ankita

asder3030 · ‎06-10-2016

I've found answer on my question.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/admin-management.html

SSH access to an interface other than the one from which you entered the ASA is not supported. This is also true for telnet and http.

Thanks to all.

Dina Odeh · ‎06-13-2016

Hi,

Could you share like a small topology using GNS or something else for your network.

I think this is what you have:

Internet --------- (outside) ASA1

|

ASA2

asder3030 · ‎06-13-2016

Internet --------(outside)ASA1(inside1)----------(inside1)ASA2(inside2)

<---VPN--->

I tried to connect from internet to inside2. It doesn't work because i reach ASA2 through inside1. To connect to ASA2 i should use inside1 of ASA2 only.

Dina Odeh · ‎06-13-2016

Hi Asder,

Yeah that's right and this is how ASA works by design :)

Management from outside