asdm and ssh management through VPN tunnel

Unanswered Question
Oct 17th, 2008
User Badges:

Hello,

I want to manage my ASA 8.0.4 through a connection with VPN client. When connected, I can ping the ASA, but trying ssh/asdm gives me a TCP Intercept error. Could it be antispoofing enabled? If yes, should I route the vpn-client range towards the outside ? I did not do it, because ping is working ...

I have antispoofing enabled on all interface, and the vpn-client range is part of a subnet of the inside interface


Thanks! Karien

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Fri, 10/17/2008 - 04:31
User Badges:
  • Green, 3000 points or more

Karien,


Generally you would want to have a separate pool network range for RA be totally different from that of any of inside subnets.


also for managing asa through vpn tunnel you need one config statement.


asa(config)#management-access inside



Rgds

Jorge





kdepijper Fri, 10/17/2008 - 04:49
User Badges:

Hi Jorge,

thanks for your reply


Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this I guess ..


I have the command asa(config) #managment-access management. Because this is the interface where we are managing.


My main question:

1/do I need configure a specific route for my RA pool?

2/ in my ASDM access settings, where should I put my RA pool ? on the outside or on the management interface ?


Thanks a lot

Karien


kdepijper Fri, 10/17/2008 - 07:50
User Badges:

Hello,

So no extra routes are needed, they are just added when I connect with the client


I have this enabled,

asa(config)# management-access management

but I have the TCP intercept error.


any idea?


Karien

JORGE RODRIGUEZ Fri, 10/17/2008 - 08:28
User Badges:
  • Green, 3000 points or more

Karien, the RA setup and management-access is prety much straight forward for managing asa via vpn tunnel , there must be something not right in the config.. if we could perhaps see a sanatized config would help.


Rgds

Jorge



Actions

This Discussion