06-20-2007 04:15 AM - edited 03-11-2019 03:33 AM
VPN clients are able to ping all devices on the network BUT those located in the management subnet. My ASA has a direct connection to the management interface and therefore the subnet.
06-20-2007 04:28 AM
Hi,
Have you created a NAT exempt for the management network?
06-20-2007 04:41 AM
Thanks for the quick reply. I have the following NAT exempt:
access-list nonat extended permit ip any 172.16.250.0 255.255.255.0
The subnet above is for the VPN clients.
06-20-2007 04:45 AM
Even though you have the permit any to XXX.XXX.XXX.XXX, and the xxx is the VPN network, you have to apply the NAT exempt on the management interface. The exempts are not globally applied; they are per interface, so if you have only one exempt created, that's pretty much the problem.
06-20-2007 05:03 AM
I am not sure that I am following you. Are you saying to add the following:
nat (management) 0 access-list nonat
or
nat (management) 1 access-list nonat
06-20-2007 05:05 AM
nat (management) 0 access-list nonat
And if you have a split tunnel on the tunnel, you have to put the management network to be tunneled. You can verify that at the client when you connect: right-click the lock icon, go to Statistics, then Route, and see which networks are going through the tunnel.
06-20-2007 05:26 AM
Thanks. However, that did not work.
06-20-2007 05:29 AM
It should!
06-20-2007 05:30 AM
Is the interface management-only?
06-20-2007 05:32 AM
Yes, the interface is management only.
nameif management
security-level 100
ip address 10.0.255.251 255.255.255.0 standby 10.0.255.252
management-only
06-20-2007 05:34 AM
Good one too, take it off (management-only).
And if you want to access the firewall itself at the management IP, you have to issue the global command management-access management
06-20-2007 06:55 AM
Thanks much both for your inputs.
06-20-2007 07:03 AM
I thought I brought up the "management-only"?
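Added example, not part of the original thread: a small Python check that reads an ASA configuration in the pre-8.3 syntax used above and reports the two conditions discussed here (management-only set on the interface, and no per-interface NAT exempt). The sample configuration is constructed from the lines quoted in the thread; the physical interface names, the inside interface, and the function names are assumptions.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE_CONFIG = """\
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.255.251 255.255.255.0 standby 10.0.255.252
 management-only
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
access-list nonat extended permit ip any 172.16.250.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def parse_interfaces(config):
    """Return {nameif: {"nameif": str, "management_only": bool}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = {"nameif": None, "management_only": False}
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words[:1] == ["nameif"] and len(words) > 1:
                current["nameif"] = words[1]
                interfaces[words[1]] = current
            elif words == ["management-only"]:
                current["management_only"] = True
        else:
            current = None  # left the interface block
    return interfaces

def check_vpn_reachability(config, nameif):
    """List reasons VPN clients could not reach hosts behind `nameif`."""
    iface = parse_interfaces(config).get(nameif)
    if iface is None:
        return [f"no interface with nameif {nameif}"]
    findings = []
    if iface["management_only"]:
        findings.append(f"{nameif}: management-only is set, through traffic is dropped")
    exempt = re.search(rf"^nat \({re.escape(nameif)}\) 0 access-list \S+", config, re.M)
    if not exempt:
        findings.append(f"{nameif}: no 'nat ({nameif}) 0 access-list' NAT exempt")
    return findings
```

Calling `check_vpn_reachability(SAMPLE_CONFIG, "management")` returns both findings; after removing management-only and adding the exempt on that interface, it returns an empty list.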