ASA 5510 Accessing Inside Interface While using VPN

Unanswered Question
Apr 9th, 2008

We need to be able to access the device via SSH while connected via VPN.

I have added it to the management access:

pix(config)#management-access inside

And it says I need to add the correct access. I have SSH added to my ACL on the outside interface coming in and can SSH into servers on the inside.

So do I also need to add an ACL to the inside interface to allow this SSH access to the device?



acomiskey Wed, 04/09/2008 - 07:01

No, all you should need is...

management-access inside

ssh inside

shawnreis Wed, 04/09/2008 - 09:41

I tried that with no luck. Just to make sure, I removed the management access and re-added it:

ASA(config)# management-access inside-vpn

Please remove the management access before configure a new one

ASA(config)# no management-access inside-vpn

ASA(config)# management-access inside-vpn

I also have the SSH setup:

ASA# show ssh

Timeout: 5 minutes

Versions allowed: 1 and 2 inside-vpn

xx.xx.32.0 inside-vpn

I know the SSH works since I have used it (while not being connected via VPN). I have also set my IP address to match one in our VPN DHCP range and from there I can SSH into the device. Just not directly while VPN'd in.

Although while connected to the VPN I can ssh into a server and then into the device. I would rather not have to do that.



acomiskey Wed, 04/09/2008 - 09:58

If you are split tunneling, make sure the inside interface is part of your split tunnel ACL.

shawnreis Wed, 04/09/2008 - 10:40

When I set up my split tunneling I made a standard ACL that just says permit my network (and it is working fine).

Do I need a line just for my Inside interface?

shawnreis Wed, 04/09/2008 - 10:59

Yes it is.

I can SSH into it from anywhere on my network just not while connected to the VPN. I can Telnet to it and ping it while using VPN, just not SSH.
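
As an added example (not part of the original thread and not Cisco's code): a small Python check over an ASA running-config for the items the replies above name, `management-access` on the interface, `ssh` permitted on that interface, and a split-tunnel ACL that covers the interface address. The config text, the ACL name `SPLIT`, the pool name `VPNPOOL` and all addresses are constructed placeholders, and comparing the VPN address pool against the `ssh` networks is an assumption that goes beyond what the thread states.

```python
import ipaddress

# Constructed sample config; names and addresses are placeholders, not from the thread.
SAMPLE = """\
interface Ethernet0/1
 nameif inside-vpn
 ip address 10.10.32.1 255.255.255.0
ip local pool VPNPOOL 10.10.40.10-10.10.40.50 mask 255.255.255.0
access-list SPLIT standard permit 10.10.32.0 255.255.255.0
management-access inside-vpn
ssh 10.10.32.0 255.255.255.0 inside-vpn
ssh timeout 5
"""

def audit(config, split_acl, pool_name):
    """Return findings for SSH-to-the-ASA over VPN; an empty list means all checks pass."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    mgmt = [w[1] for w in rows if w[0] == "management-access" and len(w) == 2]
    if not mgmt:
        return ["management-access is not configured"]
    ifname, if_ip, current = mgmt[0], None, None
    ssh_nets, acl_nets, pool = [], [], []
    for w in rows:
        if w[0] == "interface":
            current = None                      # new interface block starts
        elif w[0] == "nameif":
            current = w[1]
        elif w[:2] == ["ip", "address"] and current == ifname:
            if_ip = ipaddress.ip_address(w[2])  # address VPN clients must reach
        elif w[0] == "ssh" and len(w) == 4 and w[3] == ifname:
            ssh_nets.append(ipaddress.ip_network(f"{w[1]}/{w[2]}", strict=False))
        elif w[:4] == ["ip", "local", "pool", pool_name]:
            pool = [ipaddress.ip_address(a) for a in w[4].split("-")]
        elif len(w) == 6 and w[:4] == ["access-list", split_acl, "standard", "permit"]:
            spec = f"{w[5]}/32" if w[4] == "host" else f"{w[4]}/{w[5]}"
            acl_nets.append(ipaddress.ip_network(spec, strict=False))
    findings = []
    if if_ip is None:
        findings.append(f"no interface named {ifname} with an IP address")
    elif not any(if_ip in n for n in acl_nets):
        findings.append(f"split-tunnel ACL {split_acl} does not cover {if_ip}")
    # Both ends of the pool range must fall inside a network allowed by "ssh".
    if not pool or not all(any(a in n for n in ssh_nets) for a in pool):
        findings.append(f"ssh on {ifname} does not permit pool {pool_name}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "SPLIT", "VPNPOOL"))
```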

