site2site - HowTo telnet\ssh other side

ofir · ‎06-02-2011

I have a working site2site between 2 ASA5520 8.2(3)

I want side A to be able telnet\ssh to side B's ASA

using the telnet command would do it or should I also add an access-list?

Gustavo Medina · ‎06-02-2011

Hi,

ASA-A---------------L2L----------------------ASA-B

| |

X.X.X.X Y.Y.Y.Y

side B:

telnet X.X.X.X Z.Z.Z.Z inside >>> Z.Z.Z.Z is the subnet mask.

manegement-access inside

Regards,

ofir · ‎06-02-2011

this should be on side B? I would assume on A as you have to open access to A from B

Gustavo Medina · ‎06-02-2011

Yes that was for side B. That's all you need as you said the tunnel was already working between both ASAs therefore the communication should be good at this point. From hosts behind A, are you able to ping the inside interface of ASA-B?

Regards,

ofir · ‎06-02-2011

to make sure we're on the same page

all hosts behind A can access ASA_A - both ping and telnet

all hosts behind B can access ASA_A by ping but NOT telnet

I need hosts behind B to access ASA_A using telnet

Gustavo Medina · ‎06-02-2011

On the first post it says: "I want side A to be able telnet\ssh to side B's ASA"

On your last post it says: "I need hosts behind B to access ASA_A using telnet"

It doesn't matter, after all is the same thing for both; you said "all hosts behind B can access ASA_A by ping but NOT telnet" that means that the management-access command is aready in place for ASA_A. Could you post the "sh run telnet" from ASA_A? it has to include the hosts behind ASA_B

ofir · ‎06-02-2011

telnet X.X.X.0 255.255.255.0 mgmt
telnet Y.Y.Y.0 255.255.255.0 mgmt