08-03-2015 02:55 PM
Good afternoon. I am trying to set up an AnyConnect VPN on a new ASA 5506 and am struggling with getting some things to work. I can reach a device configured on the inside network, but have not been able to get to ASDM or SSH if I want to administer the ASA remotely from the DSL line it will be on. I know this is probably trivial for an experienced person, but I am struggling. Please comment and direct me to the correct blog or forum so I don't waste everyone's time. Thanks.
08-03-2015 07:03 PM
11-13-2015 09:30 PM
Since you got AnyConnect going, you're 99% there! In ASDM, click on Configuration, Device Management, Management Access, and then Management Interface. Choose Inside. Since you are VPN'ing in, you should be able to go to the management interface (the inside IP) of the firewall. Managing ASDM while VPN is secure. Just don't make any changes to the VPN configuration while you are VPN'ed. There is a way around that...
You can also click on Configuration, Device Management, Management Access, and then ASDM/HTTPS/SSH - put in the inside networks that you wish to be able to manage the firewall. I would NOT recommend allowing any outside networks (like 0.0.0.0) - but you can manage from outside IPs directly if you are careful and try to keep outside HTTPS/SSH access narrowed down to just a few outside fixed IPs that are 'owned' by you or your business. Managing a firewall directly from its outside IP address is a must if you are changing IPsec passwords, certificates, or changing the VPN configuration. Don't use telnet on an outside interface if you don't have to for security reasons.
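As an added example, not part of the thread: a small Python check that applies the advice in the reply above to a saved ASA running-config, flagging management rules (`http`, `ssh`, `telnet`) on the outside interface that are open to any source, not narrowed to a fixed IP, or use telnet. The interface name `outside`, the function name and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches ASA management rules: "<http|ssh|telnet> <ip> <mask> <nameif>"
RULE = re.compile(r"^(http|ssh|telnet)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")

def audit_mgmt_access(config, outside="outside"):
    """Return (findings, mgmt_iface) for an ASA running-config string."""
    findings, mgmt_iface = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("management-access "):
            mgmt_iface = line.split()[1]
            continue
        m = RULE.match(line)
        if not m:
            continue  # e.g. "http server enable", "ssh timeout 5"
        proto, ip, mask, iface = m.groups()
        if iface != outside:
            continue  # only rules on the outside interface are audited
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        if proto == "telnet":
            findings.append((line, "telnet on outside interface"))
        elif net.prefixlen == 0:
            findings.append((line, "open to any source address"))
        elif net.prefixlen < 32:
            findings.append((line, "not narrowed to a fixed IP"))
    return findings, mgmt_iface

# Constructed sample config (documentation address ranges), not from the thread.
SAMPLE = """\
http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
ssh 203.0.113.10 255.255.255.255 outside
ssh 198.51.100.0 255.255.255.0 outside
telnet 203.0.113.10 255.255.255.255 outside
ssh timeout 5
management-access inside
"""

if __name__ == "__main__":
    findings, mgmt = audit_mgmt_access(SAMPLE)
    print("management-access interface:", mgmt)
    for line, reason in findings:
        print(f"{reason}: {line}")
```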