I am hoping that someone on here can help me out, as I am going out of my mind with this issue that I've been working on for the last few days.
I have a customer that has an ASA5510 behind their ISP router, and we are using it as a RAS VPN server for some remote workers. The VPNs all work fine, and we can connect, and reach devices on the network OK. However, when it comes to managing the ASA over the VPN either via ASDM or telnet, the session fails.
The RAS users get allocated an address in the 10.9.1.0/24 subnet, and this is routable from the ASA (the route table shows it as a static route, via the ISP router when a VPN user is connected). The VPN users can ping the inside interface on the ASA OK as well. Users on the inside interface (LAN side) can use telnet & ASDM, so I know that the server processes are running on the ASA OK.
Looking at the debug/monitor on the ASA, I don't see the telnet/http sessions being blocked by any ACLs or anything, which is what is really confusing me!
I've attached a config if you would like to take a look...
As an aside - the customer has a 2nd ASA on the same LAN segment (10.0.1.x), and when users are connected to the 1st ASA via VPN, they can manage the 2nd ASA with telnet/ASDM no problem. I suspect that this is because the 2nd box sees the 10.9.1.x addresses as inside, whereas the 1st ASA sees the 10.9.1.x addresses as outside.
Any help would be really appreciated!