05-21-2010 07:59 AM
We have an ASA 5520 running Cisco Adaptive Security Appliance Software Version 8.2(2).
We have a split tunnel using IPSEC to access our internal network. The access list for the tech group is pretty simple:
access-list xxxx extended permit ip 10.0.0.0 255.0.0.0 10.100.10.0 255.255.255.0
access-list xxxx extended permit ip 192.168.0.0 255.255.0.0 10.100.10.0 255.255.255.0
access-list xxxx extended permit ip 172.16.0.0 255.240.0.0 10.100.10.0 255.255.255.0
This gives us access to all our internal network servers etc.
The internal address for the ASA is on the 192.168.0.0. We can get to everything on this network except the ASA. Both SSH and Cisco ASDM fail.
I would have thought that, since the ASA is covered by the 192.168.0.0, we would thus be able to gain access??
05-21-2010 08:11 AM
Hi,
Have you configured SSH/ASDM access for this IP source 10.100.10.0/24?
Don't forget the packet is coming from the outside interface (or another one, depending on your network).
I don't remember if I configured it... If I have some time I will test it.
++
Olivier
05-21-2010 08:33 AM
Thanks
We got the SSH to work, but we are still having problems connecting via ASDM.
05-21-2010 09:40 AM
Ok, if you're connecting via SSH that means you have the command: management-access inside
that allows remote connectivity to the inside interface from a VPN tunnel.
Seems you're still having problems connecting via ASDM?
Question
Are you attempting to connect to the inside IP address through the tunnel and bring up ASDM? If so, do you have the pool of VPN addresses allowed in the http access?
Federico.
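Added example, not part of any post in this thread: a Python check of the settings the replies name (management-access on the inside interface, plus ssh and http source entries that cover the VPN pool 10.100.10.0/24). The sample config is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config (not from the thread): SSH is permitted from the
# VPN pool, but the http (ASDM) entry only covers the internal LAN.
SAMPLE_CONFIG = """\
management-access inside
http server enable
http 192.168.0.0 255.255.0.0 inside
ssh 10.100.10.0 255.255.255.0 inside
ssh 192.168.0.0 255.255.0.0 inside
"""

def audit_mgmt_access(config, vpn_pool, interface="inside"):
    """Return which management prerequisites are met for clients in vpn_pool."""
    pool = ipaddress.ip_network(vpn_pool)
    state = {"management-access": False, "http server": False,
             "ssh": False, "http": False}
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["management-access", interface]:
            state["management-access"] = True
        elif tok[:3] == ["http", "server", "enable"]:
            state["http server"] = True
        elif tok[0] in ("ssh", "http") and len(tok) == 4 and tok[3] == interface:
            try:
                allowed = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
            except ValueError:
                continue  # not an "<address> <mask> <interface>" source entry
            if pool.subnet_of(allowed):
                state[tok[0]] = True
    return state

def missing_commands(config, vpn_pool, interface="inside"):
    """List the ASA commands still needed for SSH and ASDM from vpn_pool."""
    pool = ipaddress.ip_network(vpn_pool)
    state = audit_mgmt_access(config, vpn_pool, interface)
    src = f"{pool.network_address} {pool.netmask} {interface}"
    fixes = {"management-access": f"management-access {interface}",
             "http server": "http server enable",
             "ssh": f"ssh {src}", "http": f"http {src}"}
    return [cmd for key, cmd in fixes.items() if not state[key]]

if __name__ == "__main__":
    for cmd in missing_commands(SAMPLE_CONFIG, "10.100.10.0/24"):
        print("missing:", cmd)
```

Keep the ssh and http source entries as narrow as the pool that actually needs management access, since each one exposes the firewall's management plane to those addresses.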