ASA 5510 Accessing Inside Interface While using VPN

Unanswered Question
Apr 9th, 2008

We need to be able to access the Device via SSH while connected via VPN.


I have added it to the management access:


pix(config)#management-access inside


And it says I need to add the correct access. I have SSH added to my ACL on the outside interface coming in and can SSH into servers on the inside.


So do I also need to add an ACL to the inside Interface to allow this SSH access to the Device?


Thanks

Moe


acomiskey Wed, 04/09/2008 - 07:01

No, all you should need is...


management-access inside

ssh inside

shawnreis Wed, 04/09/2008 - 09:41

I tried that with no luck. Just to make sure, I removed the management access and re-added:


ASA(config)# management-access inside-vpn

Please remove the management access before configure a new one


ASA(config)# no management-access inside-vpn


ASA(config)# management-access inside-vpn



I also have the SSH set up:

ASA# show ssh

Timeout: 5 minutes

Versions allowed: 1 and 2

192.168.192.0 255.255.255.0 inside-vpn

xx.xx.32.0 255.255.255.128 inside-vpn


I know the SSH works since I have used it (while not being connected via VPN). I have also set my IP address to match one in our VPN DHCP range and from there I can SSH into the Device. Just not directly while VPN'd in.


Although while connected to the VPN I can ssh into a server and then into the device. I would rather not have to do that.


Thanks

Moe

acomiskey Wed, 04/09/2008 - 09:58

If you are split tunneling, make sure the inside interface is part of your split tunnel ACL.

shawnreis Wed, 04/09/2008 - 10:40

When I set up my split tunneling I made a standard ACL and that just says Permit my network. (and is working fine)


Do I need a line just for my Inside interface?

shawnreis Wed, 04/09/2008 - 10:59

Yes it is.


I can SSH into it from anywhere on my network just not while connected to the VPN. I can Telnet to it and ping it while using VPN, just not SSH.
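
Added example, not written by any poster in this thread: a Python check of the three items the replies above raise (a management-access interface, an ssh entry on that interface covering the VPN client address, and a split-tunnel ACL covering that interface's own IP), run over a constructed ASA config. The names SPLIT and VPNGP and every address in the sample are assumptions.

```python
import ipaddress

# Constructed sample (not the poster's config): interface, ACL and group-policy
# names and all addresses are assumptions made for this example.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
management-access inside
ssh timeout 5
ssh 192.168.1.0 255.255.255.0 inside
access-list SPLIT standard permit 10.10.0.0 255.255.0.0
group-policy VPNGP attributes
 split-tunnel-network-list value SPLIT
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, vpn_client_ip):
    """List reasons a VPN client could not SSH to the management-access interface."""
    client = ipaddress.ip_address(vpn_client_ip)
    mgmt_if = cur_if = split_acl = None
    if_ip, ssh_nets, acls = {}, [], {}
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "interface":
            cur_if = None                      # new interface block starts
        elif w[0] == "nameif":
            cur_if = w[1]
        elif w[:2] == ["ip", "address"] and cur_if and len(w) >= 4:
            if_ip[cur_if] = ipaddress.ip_address(w[2])
        elif w[0] == "management-access":
            mgmt_if = w[1]
        elif w[0] == "ssh" and len(w) == 4 and w[1][0].isdigit():
            ssh_nets.append((net(w[1], w[2]), w[3]))   # "ssh <net> <mask> <if>"
        elif w[0] == "access-list" and w[2:4] == ["standard", "permit"] and len(w) == 6:
            acls.setdefault(w[1], []).append(
                net(w[5], "255.255.255.255") if w[4] == "host" else net(w[4], w[5]))
        elif w[:2] == ["split-tunnel-network-list", "value"]:
            split_acl = w[2]
    if mgmt_if is None:
        return ["no management-access interface is configured"]
    findings = []
    if not any(ifc == mgmt_if and client in n for n, ifc in ssh_nets):
        findings.append(f"no ssh entry on {mgmt_if} covers {client}")
    target = if_ip.get(mgmt_if)
    if split_acl and target and not any(target in n for n in acls.get(split_acl, [])):
        findings.append(f"split-tunnel ACL {split_acl} does not cover {target}")
    return findings
```

Calling `audit(SAMPLE_CONFIG, "192.168.192.25")` reports both gaps for the constructed config; an empty list means none of the three checks failed.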
