06-09-2008 02:13 PM - edited 02-21-2020 03:46 PM
How can we setup access to manage the pix (ssh and asdm) over a vpn client connection? We have given access to the pix via ssh and asdm to the VPN sunbet, but cannot access the pix. The commands we entered are below:
ssh 111.111.111.0 255.255.255.0 outside
http 111.111.111.0 255.255.255.0 outside
111.111.111.0 255.255.255.0 is our VPN subnet
Any ideas would be great. Thanks
06-09-2008 06:26 PM
Are you using any split tunneling for the VPN connections, Or perhaps a vpn-filter?
After your VPN is established, what error do you see to get SSH/ASDM working?
Also have a look at the 'management-access' command:
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/m_711.html#wp1631964
Regards
Farrukh
06-09-2008 08:46 PM
Yes, we are using split tunneling. The subnet for the inside interface of the pix is 192.168.0.0. We can get to other devices on that same subnet (webservers, dns, etc) using the vpn client, but cannot access the pix with SSH or asdm. We have looked at the syslogs, but do not see anything out of the ordinary.
06-09-2008 09:44 PM
Did you try the management-access command?
Regards
Farrukh
06-10-2008 06:13 AM
Currently we have this in our config:
http server enable
http 111.111.111.0 255.255.255.0 inside (tried both inside & outside)
management-access inside
06-10-2008 11:53 AM
This might be a stupid question, but have you tried ASDM/SSH from the inside (normal LAN users)? just to make sure all is well (Crypto keys, ASDM image etc.)
Regards
Farrukh
06-10-2008 12:45 PM
Yes we have. We can both SSH and ASDM access to the Pix from the "inside".
06-12-2008 02:28 AM
does the vpn not come in on the outside interface?
06-12-2008 02:43 PM
Yes, it does terminate on the outside interface.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide