08-20-2014 05:20 AM - edited 03-11-2019 09:39 PM
Hi,
I have configured the remote IPsec VPN on my firewall, an ASA 5510. I have configured the standard ACL for accessing the internet network. I am able to connect the VPN and able to access the LAN devices as well, but when I tried to connect to the firewall itself on the public IP, it's not working.
Any suggestions, please?
08-20-2014 07:33 AM
We could answer your question better if we knew more about how you have configured your ASA and how you are attempting to access it. In particular it would help if we knew what is the addressing in your VPN address pool, how you are attempting to access the ASA (is it telnet, SSH, ASDM), and what addresses and source interfaces you have specified as able to access the ASA.
HTH
Rick
08-20-2014 09:39 PM
Hi,
Running IOS: Cisco Adaptive Security Appliance Software Version 8.2(5)
In normal operation I am able to SSH to the inside interface through the LAN, and earlier I was also able to access the firewall on the outside interface through the VPN.
I have configured one subnet, 10.101.101.0 255.255.255.224, for the VPN, and I am trying to SSH. Earlier it was working fine, but now it's not working. SSH is enabled on the outside interface for this subnet.
ip local pool pool**** 10.101.101.1-10.101.101.30 mask 255.255.255.224
tunnel-group noc-****** general-attributes
 address-pool pool*****
 default-group-policy ra-*******
group-policy ra-***** attributes
 wins-server none
 dns-server value ************
 vpn-simultaneous-logins 10
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ra-********
 default-domain value vertex.co.in
ssh 10.101.101.0 255.255.255.224 outside
access-list ra-******* standard permit host ******************* -------Even added acl for public ip of asa
access-list ra-******* standard permit host ******************
*************
Note: When I am trying to SSH to the firewall's outside interface IP, I get a log that the ACL denied it.
The log that is generated is not from the IP which I got through the VPN; it's from the public IP of my data card.
08-21-2014 08:03 AM
From the symptoms that you describe I am guessing that the issue has to do with the configuration for split tunneling for AnyConnect. Were any changes made in that part of the config of the ASA? Can you provide the details of how split tunneling is currently configured?
HTH
Rick
09-07-2014 11:41 PM
Thanks for the support.
The issue got resolved. Now I am able to connect to it automatically.
09-08-2014 09:58 AM
It is good to know that the issue is resolved. Can you share with us what the problem was and what you did to resolve it?
HTH
Rick