Cisco ASA CX - RA VPN

Ashley Sahonta
Level 1

Hi,

I currently have all internal traffic redirected to the CX module for web filtering. The issue I have, though, is that I can only manage the CX internally. I have an admin RA VPN profile that I would like to use to manage the CX.

Has anyone got any advice on how to configure this? I am using ACLs to divert traffic and all subnets have been redirected to the CX module.

Cheers,

Ash

2 Replies

I'm assuming that the management of the CX is through the ASA's management. If so, it is really an ASA thing more than a CX thing...

On the ASA, you want to enter "management-access" to allow management via a VPN tunnel to an interface. From: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_management.html

Configuring Management Access Over a VPN Tunnel

If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec site-to-site, and the AnyConnect SSL VPN client.

This section includes the following topics:

Licensing Requirements for a Management Interface

Guidelines and Limitations

Configuring a Management Interface

Licensing Requirements for a Management Interface

The following table shows the licensing requirements for this feature:

Model: All models

License Requirement: Base License.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single mode.

Firewall Mode Guidelines

Supported in routed mode.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines

You can define only one management access interface.

Configuring a Management Interface

To configure the management interface, enter the following command:

Command: management-access management_interface

Example: hostname(config)# management-access inside

Purpose: The management_interface specifies the name of the management interface that you want to access when entering the ASA from another interface.

Hi,

Thanks for the post, however this does not work.

The management interface network does not have access to the internet - I assume this could be a factor.

Do you know how to configure the management access to reach the internet?