09-19-2008 12:18 PM
Dear all,
I am trying to setup a connection to an ASA 5505 inside interface via an IPSEC tunnel.
The reason for this is so that I can manage the ASA via the VPN, as opposed to connecting to the outside/public facing IP address (I also plan to setup our network monitor to poll SNMP on the ASA via the VPN tunnel, so that I can monitor that the VPN is up).
I have assigned the "management-access inside" command to the ASA and am able to ping the ASA inside interface IP via the VPN, however, I am unable to Telnet/SSH/ASDM/https to the ASA.
I have run a syslog debug on the ASA and I can see my telnet/ssh etc. sessions being established on the ASA, via the VPN, but it seems as though the return traffic of the telnet/ssh etc. is not coming back through the VPN, so I am thinking the issue is a routing issue.
I have checked all the usual NAT/ACL/crypto-map settings and it all looks OK, it just seems as though the ASA cannot route back through the VPN from its inside interface.
For reference, traffic from hosts inside the ASA is going back and forth through the VPN fine.
Any help would be appreciated.
Thanks.
09-19-2008 12:32 PM
I did this also with the 5505 a few weeks ago - what we observed was EXTREMELY HIGH CPU (90+%) when the "inside" interface is a VLAN.
I suspected a bug.
Make sure you have
same-security-traffic permit intra-interface
for the hairpin, but you are already pinging so I suspect you have this command.
We abandoned our pursuit of this and continue to manage via the public interface. We did get ASDM to initially load, but then it would take forever and freeze after a while and we could not manage the box.
Anyone else get this working?
Thanks,
Joe
09-19-2008 06:42 PM
Try to add the following command, then connect to the ASDM, for example via the VPN client:
asa(config)#management-access inside
Good luck.
If helpful, rate.
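As an added example, not posted by anyone in this thread, here are the two commands mentioned above together with the management-access statements the thread does not mention: on an ASA, SSH, ASDM (HTTPS) and SNMP are only accepted from source networks explicitly listed against a named interface, whereas a ping to the interface does not depend on those lists, so "ping works but SSH/ASDM do not" is worth checking against them. The remote subnet 10.10.10.0/24, the monitoring host 10.10.10.50 and the interface names are assumptions for illustration.

```text
! Terminate management sessions on the inside interface for traffic
! that arrives through the IPsec tunnel on the outside interface
management-access inside

! Required when VPN traffic enters and leaves via the same interface (hairpin)
same-security-traffic permit intra-interface

! Management protocols are accepted only from the listed sources, per interface.
! 10.10.10.0/24 is an ASSUMED remote-site / VPN-client subnet. The interface
! named here must be "inside", because management-access inside makes the
! session appear on that interface rather than on outside.
ssh 10.10.10.0 255.255.255.0 inside
ssh version 2
http server enable
http 10.10.10.0 255.255.255.0 inside

! Allow the network monitor (ASSUMED host 10.10.10.50) to poll SNMP over the tunnel
snmp-server host inside 10.10.10.50 poll community <community-string-placeholder> version 2c
```

If the remote subnet is listed against outside instead of inside, the SYN will still show up in the syslog debug while the ASA never completes the session, which matches the symptom described in the first post.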
09-24-2008 04:35 AM
Dear all,
Thanks for the replies - I have decided to scrap this idea and do a basic poll to the outside interface of the ASA.
I will concentrate on setting up a poll to a device on the other side of the VPN, so as to periodically check that the tunnel is up.
It's a bit of a shame, as I can connect to the inside of a 501 and 515E without any trouble.
Thanks.