CiscoWorks access on ASA box on end of the IPSec tunnel

Unanswered Question
Jul 2nd, 2007


I have Cisco Security Manager (CSM).

I have 2 ASA boxes. An IPSec L2L tunnel is created between the ASAs (between the outside interfaces).

Cisco Security Manager is connected to the first ASA. The first ASA is managed by Cisco Security Manager, and that is OK. But I have a problem getting the second ASA (the ASA on the end of the IPSec tunnel) into CSM. CSM does not communicate with the IP address on the outside interface (the IPSec tunnel ends on this IP address), and CSM does not communicate with the other interfaces of the ASA either.

Is it possible to communicate from CSM to an ASA box over an IPSec tunnel when the IPSec tunnel ends on this ASA box?



acomiskey Mon, 07/02/2007 - 09:19

For that traffic to cross the tunnel, the traffic must be defined in your crypto and NAT exemption ACLs.

Local ASA

access-list extended permit ip host host

access-list extended permit ip host host

Remote ASA

access-list extended permit ip host host

pslavkovsky Mon, 07/02/2007 - 09:25

The traffic is included in the tunnel; there is no problem.

My question is:

To which interface of the remote ASA will CSM connect?


