ASA Management/NAT Problem

Unanswered Question

Hi All,

I appear to have a NAT problem with ASA build 7.2(3). I cannot SSH or SSL (with CSM) through the inside interface to the outside interface i.e. I want to manage the device on its external interface. I want to manage the device on its external interface as I have a second CSM server at a remote site. I receive the following errors when I SSH from an internal host to the external interface:


%ASA-6-302013: Built inbound TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 (x.x.x.x/3265) to NP Identity Ifc:y.y.y.y/22 (y.y.y.y/22)

%ASA-6-302014: Teardown TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 to NP Identity Ifc:y.y.y.y/22 duration 0:00:00 bytes 0 TCP Reset-I


Both the external and internal interface are logical interfaces on the same physical. Could this be the problem?


Thanks,

Paul

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srue Fri, 12/21/2007 - 05:11
User Badges:
  • Blue, 1500 points or more

do you have "management-access outside" configured?

why don't you post your config.

Hi,

Thanks for the tip, however, I still cannot connect. When I try to establish a SSL connection from the remote CSM server to the internal interface of the local ASA I get a anti spoof error:


Deny IP spoof from (x.x.x.x) to y.y.y.y on interface TRANSIT


And, when I try to establish a SSL or SSH from the local CSM server to the external interface of the local ASA. I get the NP Indentity error previously posted.


I can't post the configs because its a clients network i.e. I don't have permission.


Thanks,

Paul

Actions

This Discussion