
Qualys Scanner not able to communicate to Inside IP of ASA 500

rajikoul1978
Level 1

Team,

I am stuck on an issue with a Cisco ASA5515 where I checked everything related to rules/access-lists but cannot work out why the firewall inside IP is not able to respond back to the scanner.

Just want to know whether there is some other extra config to be done on the ASA so that it can communicate with Qualys.

Below is brief description of issue:

 

  • Qualys Scanner is spun up in Amazon and polls the on-prem network over site-to-site IPsec towards on-prem (built on the firewall ASA)
  • Source IP of the scanner is 10.0.1.195, from which it tries to reach the firewall inside IP (10.10.6.1), which is not happening
  • But the same scanner source IP, 10.0.1.195, easily reaches and scans the Cisco switch on (10.10.0.1 and 10.10.6.2), which is directly connected to the firewall on the inside interface

IIT-XXXX# sh ver

Cisco Adaptive Security Appliance Software Version 9.12(4)18
SSP Operating System Version 2.6(1.225)
Device Manager Version 7.15(1)150

This platform has an ASA 5515 Security Plus license.

 

1 Reply 1

@rajikoul1978 

Normally an ASA only responds to traffic sent to the interface that the traffic comes in on, so you cannot connect to a far interface. The exception to this is if connecting over a VPN tunnel. You can configure the command "management-access <inside interface name>"; this will allow you to connect to the ASA's inside interface using ping, ssh, telnet and http(s).
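
The setting described in the reply above, written out as an ASA configuration sketch. This is an added example, not part of the original thread: the interface names `inside` and `outside`, the object names and the subnet masks are assumptions, and only the scanner address 10.0.1.195 comes from the post.

```text
! Added example. Assumed: nameif "inside" / "outside"; object names and
! subnet masks are placeholders. Scanner IP 10.0.1.195 is from the post.

! Allow traffic that arrives over the VPN tunnel to reach the inside
! interface IP (only one management-access interface can be set).
management-access inside

! Restrict each to-the-box service on that interface to the scanner host.
! Once any "icmp" rule exists for an interface, other ICMP to that
! interface is implicitly denied.
icmp permit host 10.0.1.195 inside
ssh 10.0.1.195 255.255.255.255 inside

! Only if HTTPS/ASDM on the ASA is meant to be in scan scope:
http server enable
http 10.0.1.195 255.255.255.255 inside

! If an identity NAT (NAT exemption) rule covers the tunnel traffic, it
! needs "route-lookup" for management-access to work across the tunnel.
! Adjust the existing rule rather than adding a second one.
object network ONPREM-NET
 subnet 10.10.0.0 255.255.0.0
object network AWS-NET
 subnet 10.0.1.0 255.255.255.0
nat (inside,outside) source static ONPREM-NET ONPREM-NET destination static AWS-NET AWS-NET no-proxy-arp route-lookup

! Verify what is actually configured
show running-config management-access
show running-config icmp
show running-config ssh
show running-config http
```

Keeping the `ssh`, `http` and `icmp permit` entries scoped to the single scanner host means the inside interface answers the scanner over the tunnel without opening management access to the rest of the remote network.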
