Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1029
Views
0
Helpful
2
Replies

Cisco ASA CX - RA VPN

Ashley Sahonta
Level 1
Level 1

‎08-09-2013 07:56 AM

Hi,

I currently have all internal traffic redirected to the CX module for web filtering, the issue I have though is that I can only manage the CX internally. I have an admin RA VPN profile that I would like to use to manage the CX.

Has anyone got any advice on how to configure this? I am using ACLs to divert traffic and all subnets have been redircted to the CX module

Cheers,

Ash

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎08-09-2013 08:10 AM

I'm assuming that the management of the CX is through the ASAs managment.  If so, is really an ASA thing more than a CX thing...  

On the ASA, you want to enter "managment-access "   to allow managment via a VPN tunnel to an interface.  From:http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_management.html

Configuring Management Access Over a VPN Tunnel

If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different interface, you can identify that interface as a management-access interface. For example, if you enter the ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH, Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface. Management access is available via the following VPN tunnel types: IPsec clients, IPsec site-to-site, and the AnyConnect SSL VPN client.

This section includes the following topics:

Licensing Requirements for a Management Interface

Guidelines and Limitations, page 37-12

Configuring a Management Interface

Licensing Requirements for a Management Interface

The following table shows the licensing requirements for this feature:

Model

License Requirement

All models

Base License.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single mode.

Firewall Mode Guidelines

Supported in routed mode.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines

You can define only one management access interface.

Configuring a Management Interface

To configure the management interface, enter the following command:

Command

Purpose

management access management_interface

Example:

hostname(config)# management access inside

The management_interface specifies the name of the management interface that you want to access when entering the ASA from another interface.

0 Helpful

Ashley Sahonta
Level 1
Level 1
In response to Ken Stieers

‎10-28-2013 03:52 AM

Hi,

Thanks for the post, however this does not work.

The management interface network does not have access to the internet - I assume this could be a factor.

Do you know how to configure the management access to reach the internet?

0 Helpful
Customers Also Viewed These Support Documents