01-30-2008 08:39 AM - edited 03-11-2019 04:56 AM
I have set up an IPsec VPN Client connection to a PIX515 Firewall pair. It works as expected in most respects: I can gain access to all devices on the internal network, except the active firewall. I can ping the inside address, but not telnet, ssh or asdm.
The PIX is running 8.0(3) software, I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.
When I try and connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
10.20.1.226 is the pool allocated VPN address.
10.20.1.253 is the inside address of the firewall.
I have recently set up a very similar configuration on an ASA device, running the same software versions, and it works fine.
Suggestions appreciated.
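An added example, not part of the original post or Cisco's tooling: a small Python parser that pairs the 302013 (Built) and 302014 (Teardown) records quoted above by connection id and lists flows logged to "NP Identity Ifc" together with their teardown reason. The function names are hypothetical, and the patterns are fitted only to the message layouts shown in the post.

```python
import re

# The three syslog lines quoted in the post above (already sanitised there).
SAMPLE = [
    "Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)",
    "Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)",
    "Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)",
]

# Assumption: only the layouts shown in the post are covered by these patterns.
BUILT = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built (?P<dir>\w+) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:]+):(?P<src>[^/\s]+)/(?P<sport>\d+) \(\S+\) to "
    r"(?P<dst_if>[^:]+):(?P<dst>[^/\s]+)/(?P<dport>\d+)")
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) for .* "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.*?))??(?: \([^()]*\))?$")


def to_box_connections(lines, dst_if="NP Identity Ifc"):
    """Pair Built/Teardown records by connection id for flows logged to dst_if."""
    conns = {}
    for line in lines:
        line = line.strip()
        built = BUILT.search(line)
        if built and built["dst_if"] == dst_if:
            conns[built["id"]] = {
                "id": built["id"], "src": built["src"], "dst": built["dst"],
                "dport": int(built["dport"]), "bytes": None, "reason": None}
            continue
        torn = TEARDOWN.search(line)
        if torn and torn["id"] in conns:
            conns[torn["id"]].update(bytes=int(torn["bytes"]), reason=torn["reason"])
    return list(conns.values())


def zero_byte_teardowns(conns):
    """Connections torn down before any payload bytes were counted."""
    return [c for c in conns if c["bytes"] == 0]


if __name__ == "__main__":
    for c in to_box_connections(SAMPLE):
        state = c["reason"] or "no teardown in excerpt"
        print(f'conn {c["id"]} {c["src"]} -> {c["dst"]}:{c["dport"]} bytes={c["bytes"]} {state}')
```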
01-30-2008 08:50 AM
Hi Mark,
try adding statement
management-access inside
it should provide for firewall management over IPsec tunnel, see if that helps.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1863771
Rgds
Jorge
01-30-2008 08:53 AM
Jorge,
The statement is already there.
Mark
01-30-2008 09:35 AM
I tried removing it, and the behaviour changes slightly: without the management-access statement the ssh session closes immediately; with it the session hangs.