
Question about ASDM through VPN

Edward Luna
Level 1

Hello again

I configured ASA 5510 management through the inside interface.  When I am in the office connected to the LAN I have no problem running ASDM.  However, when I'm outside the office and I connect through the Cisco SSL VPN Service I can't manage the ASA5510 even though I can access all the shared resources on the network.

When I attempt to run ASDM when connected via VPN I get the error message..  "Unable to launch device manager from x.x.x.x"  (inside address of the ASA5510).

How dangerous would it be if I just activated management via the Outside interface?

Ed


I would like to take a moment to thank everyone for their help in solving this problem.  It turns out that most (if not all) the answers provided by the folks who responded to my problem were correct.  Each response addressed the issue in an appropriate manner and had I been more knowledgeable about Cisco VPNs, the information provided by everyone would have been sufficient for me to have solved the problem.

On the chance that others might benefit from my experience with this problem, I thought it might be worthwhile to explain in a little more detail what it was that finally solved my problem.  The missing piece of information... (which I found in a Cisco step-by-step VPN setup procedure)... was to create what is called an "Exempt Route".  The step-by-step procedure stated that the VPN address pool and the inside address pool should be different.  The fact that they are different requires that a Route exists between the two networks.  When I had originally created the route I mistakenly created a "Static Route".  This was an error... the route must be an "Exempt Route".  As soon as I created the Exempt Route everything began to work.

Thanks again to all. 

Ed

If there is any more clarification on this matter.

I'm confused on this also. I have a twice NAT rule applied that allows me to access the inside network, can ping the inside interface, and can access the inside http web page, but I still get the "Unable to launch the device manager from IP" error.

Since the Exempt route is already created and all other access works...is there another specific command that needs to be input in order for the asdm to respond to the VPN address space?

I have

object network Inside
     subnet 192.168.1.0 255.255.255.0
object network VPN
     subnet 192.168.3.0 255.255.255.0
nat (inside,outside) source static Inside Inside destination static VPN VPN

Everything works BUT ASDM, was there another set of commands requiring NAT for the ASA Inside interface?

iOS 8.4(1)

vinayak.jagtap
Level 1

Yes... I had the same problem...

 

management-access inside

works

Me too, even with management-access inside

After software upgrade the login was not possible anymore.

I removed the management-access from config and reconfigured it. That fixed it.

 


This config worked for me:

ASA version 9.x

ASA#
conf t
!
http server enable
http 172.16.0.0 255.255.255.0 inside
ssh 172.16.0.0 255.255.255.0 inside
!
management-access inside
!
asdm image disk0:/asdm-xxx.bin
asdm location 172.16.0.0 255.255.255.0 inside
!
ip local pool ANYCONNECT_VPN_POOL 172.16.0.0-172.16.0.255 mask 255.255.255.0
!
object-group network INSIDE_SUBNET
network-object 10.0.0.0 255.255.255.0
object-group network ANYCONNECT_SUBNET
network-object 172.16.0.0 255.255.255.0
!
nat (inside,outside) source static INSIDE_SUBNET INSIDE_SUBNET destination static ANYCONNECT_SUBNET ANYCONNECT_SUBNET no-proxy-arp route-lookup


interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
end
write memory

If it doesn't work the first time, try removing and re-adding this command; as johannes.nielandt said, it also worked for me:

no management-access inside
management-access inside
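
The replies above converge on a handful of settings that must all be present for ASDM to answer VPN clients: the HTTP server enabled, an `http` rule on the inside interface covering the VPN pool, `management-access inside`, and an exempt (identity) NAT rule carrying `route-lookup`. The following is an added example, not code from any poster in this thread: a small Python audit of a saved running-config for those settings. The function name `check_asdm_over_vpn` and the sample text are constructed for illustration, modelled on the ASA 9.x post.

```python
import ipaddress
import re

# Constructed sample, modelled on the ASA 9.x configuration posted above.
SAMPLE = """\
http server enable
http 172.16.0.0 255.255.255.0 inside
management-access inside
ip local pool ANYCONNECT_VPN_POOL 172.16.0.0-172.16.0.255 mask 255.255.255.0
nat (inside,outside) source static INSIDE_SUBNET INSIDE_SUBNET destination static ANYCONNECT_SUBNET ANYCONNECT_SUBNET no-proxy-arp route-lookup
"""

def check_asdm_over_vpn(config, mgmt_if="inside"):
    """Return the prerequisites missing from `config` (empty list = all present)."""
    lines = [line.strip() for line in config.splitlines()]
    missing = []
    if not any(l.startswith("http server enable") for l in lines):
        missing.append("http server enable")
    if f"management-access {mgmt_if}" not in lines:
        missing.append(f"management-access {mgmt_if}")

    # Networks allowed to reach the HTTPS/ASDM server on the management interface.
    allowed = []
    for line in lines:
        m = re.fullmatch(rf"http (\S+) (\S+) {re.escape(mgmt_if)}", line)
        if m:
            allowed.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))

    # Every VPN address pool must fall inside one of those networks.
    for line in lines:
        m = re.match(r"ip local pool (\S+) (\S+)-(\S+)", line)
        if m:
            first, last = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            if not any(first in net and last in net for net in allowed):
                missing.append(f"http rule on {mgmt_if} covering pool {m[1]}")

    # Identity (exempt) NAT from the management interface, with route-lookup.
    exempt = [l for l in lines
              if l.startswith(f"nat ({mgmt_if},") and "source static" in l
              and "destination static" in l]
    if not exempt:
        missing.append("NAT exemption")
    elif not any("route-lookup" in l.split() for l in exempt):
        missing.append("route-lookup on NAT exemption")
    return missing

if __name__ == "__main__":
    print(check_asdm_over_vpn(SAMPLE) or "all ASDM-over-VPN prerequisites present")
```

Run against the 8.4(1) rule quoted earlier in the thread (a twice NAT without `route-lookup`), the check reports the missing keyword, which matches the symptom described there: data traffic works but ASDM does not launch.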