Need help setting up vpn on asa 5506X

Mike Baker · ‎08-03-2015

Good afternoon. I am trying to setup an anyconnect vpn on a new asa 5506 and am struggling with getting some things to work. I can reach a device configured on the inside network, but have not been able to get to asdm or ssh if I want to administer the asa remotely from the dsl line it will be on. I know this is probabably trivial for an experienced person, but I am struggling. Please comment and direct me to the correct blog or forum so I don't waste everyones time. Thanks.

benng2 · ‎08-03-2015

CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.3 - Remote Access VPNs [Cisco ASA 5500-X Series Next-Generat…http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/vpn/asa-vpn-cli/vpn-remote-access.html

Please see above link whether it make sense.

kj4cyv001 · ‎11-13-2015

Since you got anyconnect going, your 99% there! In ASDM, click on Configuration, Device Management, Management Access, and then Management Interface. Choose Inside. Since you are VPN'ing in, you should be able to go to the management interface (The inside IP) of the firewall. Managing ASDM while VPN is secure. Just don't make any changes to the VPN configuration while you are VPN'ed. There is a way around that...

You can also click on Configuration, Device Management, Management Access, and then ADSM/HTTPS/SSH - put in the inside networks that you wish to be able to manage the firewall. I would NOT recommend allowing any outside networks (like 0.0.0.0) - but you can manage from outside IP's directly if you are careful and try to keep outside HTTPS/SSH access narrowed down to just a few outside fixed IP's that are 'owned' by you or your business. Managing a firewall directly from it's outside IP address is a must if you are changing IPsec passwords, certificates, or changing the VPN configuration. Don't use telnet on an outside interface if you don't have to for security reasons.