Can't ping Pix over VPN but can PCs

Jul 25th, 2007

I can ping PCs over our remote VPN (concentrator to a remote Pix) but not the Pix that is over at the remote site. I am trying its local IP address over the VPN.


However, the PCs on the Pix's LAN can.


I can get on the ASDM using the Pix external IP, but I'd rather use the internal IP over the VPN tunnel.


Let me know what info you need.

mattiaseriksson Wed, 07/25/2007 - 06:35

Hi, you should use the "management-access inside " command.

whiteford Wed, 07/25/2007 - 06:47

Why is it I can't log into that with my forum username and password? Do I need a high level?

whiteford Wed, 07/25/2007 - 07:02

Sorry too about this, but I can't find this management pane to enable this option on an interface via the ASDM.

mattiaseriksson Wed, 07/25/2007 - 07:15

Ok, and I really don't know about asdm.


Try to get on the console with ssh and enter the command, that must be a lot easier.

acomiskey Wed, 07/25/2007 - 07:15

Try this...


Tools -> Command Line Interface -> Select Multiple line -> In the text box type...


config t

management-access inside


and select "Send"

whiteford Wed, 07/25/2007 - 07:20

I'll try that. This won't change my current access over the Internet?

mattiaseriksson Wed, 07/25/2007 - 07:22

No. It will only enable management access over the vpn.

acomiskey Wed, 07/25/2007 - 07:24

No, it should only change access when connected to the ASA via the vpn.

whiteford Wed, 07/25/2007 - 07:25

The reason I can't ping it over the VPN but can on-site, could this be a rule issue?

whiteford Wed, 07/25/2007 - 07:30

This is the error I got:


Result of the command: "conf t"


The command has been sent to the device



Result of the command: "management-access inside"


management-access inside

^

ERROR: % Invalid input detected at '^' marker.

acomiskey Wed, 07/25/2007 - 07:35

Weird, this is what I get...


Result of the command: "config t"


The command has been sent to the device



Result of the command: "management-access inside"


The command has been sent to the device


mattiaseriksson Wed, 07/25/2007 - 07:29

It could be blocked. If you already have management-access inside enabled, rules could be the cause of the problem. Otherwise it is unlikely.

acomiskey Wed, 07/25/2007 - 07:36

Found it...


Config -> Device Administration -> Management Access -> Select inside

whiteford Wed, 07/25/2007 - 07:39

Right, I have selected the inside interface, but still no joy on connecting to the local IP. A remote user in that same subnet as the Pix can though.

whiteford Wed, 07/25/2007 - 07:46

7.1(2)


Would the fact that I don't have a service policy rule be a problem too with this?

mattiaseriksson Wed, 07/25/2007 - 08:01

It should not be a problem, this is a global command.


Can you execute "show management-access" in config mode?

whiteford Fri, 07/27/2007 - 05:02

I can now ping its internal address over the VPN, but can't access it via the ASDM, any ideas?


management-access shows local_network


Thanks

acomiskey Fri, 07/27/2007 - 05:17

you need to add


http outside

whiteford Fri, 07/27/2007 - 05:38

Still no luck, I put this in:


http 192.168.9.9 255.255.255.255 VPN


VPN is our tunnel to my office
