SSH and HTTPS over VPN

We have a functioning tunnel set up between two ASA5510s. Traffic passes normally between the two. Both ASAs are configured for aaa, ssh, and http access. I can ping the outside ASA address of either ASA from the other's ASA, but neither ssh nor ASDM access works from either network to the other ASA. What do I need to look for in the configuration? I did not set these up originally and the configurations are rather large. Thanx!

17 REPLIES

Well, you came up with something there! I changed the command to use the In_Laker interface and started ASDM to the remote's address. After the login screen, ASDM said it was loading and then the ASDM start splash screen disappeared and nothing else happened. At least we're getting somewhere, but why would that happen? Is it a case of mismatched versions of software? Any additional clues on this issue would be appreciated. I had done some preliminary research which seemed to point to a specific version of Java, but I have since corrected that. Thank you!

Regards,

Wolf


I set up the packet tracer and have attached the output. Unfortunately, the remote OS does not have this capability. I am trying to convince my manager that we need to upgrade the OS and ASDM version so they are at the same revision level as our local ASA. I configured the captures on both machines. Am I supposed to manually start a capture? I've used Wireshark and dedicated sniffers in the past, but I have not used the ASA to capture packets yet. Thanx!

Regards,

Wolf


Looks like an inside route is necessary.

main site
route inside 10.0.0.0 255.0.0.0 (your LAN switch IP addy) 1
route inside 10.0.0.0 255.0.0.0 10.10.30.x 1

route inside 10.10.250.0 255.255.255.248 (your remote switch IP addy) 1
route inside 10.10.250.0 255.255.255.248 10.2.1.x 1

On Remote site
route inside 10.0.0.0 255.0.0.0 (your LAN switch IP addy) 1
route inside 10.0.0.0 255.0.0.0 10.2.1.x 1

Where does Norlight PPP go to?
Properly enable your http and ssh inside access on both firewalls.

Thx,
Eric
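
For the question of what to look for in a large configuration, here is an added example (not code from the thread or from Cisco) that scans an ASA config for the management-access statements that decide whether SSH and ASDM are accepted from the far-side LAN. The sample config, addresses and the interface name `inside` are constructed placeholders; `management-access` is a standard ASA command that the replies above do not quote, and it is checked here on the assumption that the management session arrives through the tunnel.

```python
import ipaddress
import re

# Constructed sample config, not taken from the thread. Addresses and the
# interface name "inside" are placeholders.
SAMPLE_CONFIG = """\
http server enable
http 192.168.10.0 255.255.255.0 inside
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.50.0 255.255.255.0 inside
ssh timeout 5
management-access inside
"""

RULE = re.compile(r"^(ssh|http) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")
MGMT = re.compile(r"^management-access (\S+)$")

def audit_mgmt_access(config, peer_net, iface):
    """Check whether `iface` accepts ssh/http from `peer_net` (the far-side
    LAN reaching this ASA through the tunnel)."""
    peer = ipaddress.ip_network(peer_net)
    found = {"ssh": False, "http": False, "http server enable": False,
             "management-access": False}
    too_broad = []  # rules on iface that admit any source address
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("http server enable"):
            found["http server enable"] = True
        elif MGMT.match(line):
            found["management-access"] = MGMT.match(line).group(1) == iface
        elif (m := RULE.match(line)) and m.group(4) == iface:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            if net.prefixlen == 0:
                too_broad.append(line)
            if peer.subnet_of(net):
                found[m.group(1)] = True
    missing = [name for name, ok in found.items() if not ok]
    return missing, too_broad

if __name__ == "__main__":
    missing, too_broad = audit_mgmt_access(SAMPLE_CONFIG, "192.168.50.0/24", "inside")
    print("missing for remote management:", missing)
    print("rules open to any source:", too_broad)
```

On the sample, SSH from the remote LAN is permitted but ASDM is not, because no `http` statement covers that network.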
