Solved: Re: SSH/SNMP to ASA inside interface from the outside

rob.hicks1 · ‎10-25-2018

Hi,

I have a requirement to allow SSH & SNMP access to the inside interface of an ASA Firewall context. The issue is that the traffic is being source from the outside and therefore hits the outside interface first.

Is there a way to target the inside interface address of the ASA even when the management traffic is coming in via the outside interface?
Many thanks
Rob

Marvin Rhoads · ‎10-25-2018

You cannot do that unless it's coming in via VPN.

One alternative is to use a jumpbox or proxy host / relay.

View solution in original post

Marvin Rhoads · ‎10-25-2018

You cannot do that unless it's coming in via VPN.

One alternative is to use a jumpbox or proxy host / relay.

rob.hicks1 · ‎10-25-2018

Thanks for the reply Marvin. Looks like i need to think of a plan B :)

fabrice75 · ‎02-11-2020

@Marvin Rhoads wrote:
You cannot do that unless it's coming in via VPN.

Can you elaborate on "coming via VPN"?

I have a management server that is located in HQ trying to access a branch ASA on its inside interface. Both HQ and branch are connected using ipsec VPN would that setup not work?

The reason I want to use the inside is because we have two IPSec tunnels to the same branch ASA so the idea was to be able to reach the branch ASA via either IPSec tunnel.