01-30-2008 08:39 AM - edited 03-11-2019 04:56 AM
I have set up an IPsec VPN Client connection to a PIX515 Firewall pair. It works as expected in most respects; I can gain access to all devices on the internal network, except the active firewall. I can ping the inside address, but not telnet, ssh or asdm.
The PIX is running 8.0(3) software, I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.
When I try to connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
10.20.1.226 is the pool allocated VPN address.
10.20.1.253 is the inside address of the firewall.
I have recently set up a very similar configuration on an ASA device, running the same software version, and it works fine.
Suggestions appreciated.
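As an added example (not code from the thread or from Cisco), a small parser over the syslog lines quoted above: it pairs %PIX-6-302013 (build) and %PIX-6-302014 (teardown) messages by connection ID and flags management-port connections to the firewall's own interface ("NP Identity Ifc") that carried zero bytes before teardown, or that were built and never torn down (the "session hangs" case). The sample lines are constructed from the post's output; the port list is an assumption.

```python
import re
from collections import OrderedDict

# Constructed sample lines modelled on the syslog output quoted in the post.
SAMPLE_LOG = """\
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
"""

# The destination interface name may contain spaces ("NP Identity Ifc"),
# so it is matched lazily up to the colon that precedes the address.
BUILD_RE = re.compile(
    r"%PIX-6-302013: Built inbound TCP connection (?P<cid>\d+) for "
    r"(?P<src_if>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) .* to "
    r"(?P<dst_if>.+?):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)
TEARDOWN_RE = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<cid>\d+) for "
    r"(?P<src_if>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>.+?):(?P<dst>[\d.]+)/(?P<dport>\d+) duration (?P<dur>\S+) "
    r"bytes (?P<bytes>\d+) ?(?P<reason>[^(]*)"
)

def parse_connections(log_text):
    """Pair build and teardown messages by connection ID, in order seen."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = BUILD_RE.search(line)
        if m:
            conns[m["cid"]] = dict(m.groupdict(), bytes=None, reason=None)
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            c = conns.setdefault(m["cid"], dict(m.groupdict()))
            c["bytes"] = int(m["bytes"])
            c["reason"] = m["reason"].strip()
    return conns

def mgmt_to_firewall(conns, mgmt_ports=(22, 23, 443)):  # assumed port list
    """Connections aimed at the firewall itself (NP Identity Ifc) on a management port."""
    return [c for c in conns.values()
            if c["dst_if"] == "NP Identity Ifc" and int(c["dport"]) in mgmt_ports]

def failed_mgmt_attempts(conns):
    """Torn down with no payload: management access is being refused."""
    return [c for c in mgmt_to_firewall(conns) if c["bytes"] == 0]

def hanging_mgmt_connections(conns):
    """Built but never torn down in the log window: the client-side hang."""
    return [c for c in mgmt_to_firewall(conns) if c["bytes"] is None]
```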
01-30-2008 08:50 AM
Hi Mark,
try adding the statement
management-access inside
It should provide for firewall management over the IPsec tunnel; see if that helps.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1863771
Rgds
Jorge
01-30-2008 08:53 AM
Jorge,
The statement is already there.
Mark
01-30-2008 09:35 AM
I tried removing it, and the behaviour changes slightly: without the management-access statement the ssh session closes immediately; with it the session hangs.