asdm and ssh management through VPN tunnel

Unanswered Question
Oct 17th, 2008

Hello,

I want to manage my ASA 8.0.4 through a connection with VPN client. When connected, I can ping the ASA, but trying ssh/asdm gives me a TCP Intercept error. Could it be antispoofing enabled? If yes, should I route the vpn-client range towards the outside? I did not do it, because ping is working ...

I have antispoofing enabled on all interfaces, and the vpn-client range is part of a subnet of the inside interface.

Thanks! Karien

JORGE RODRIGUEZ Fri, 10/17/2008 - 04:31

Karien,

Generally you would want to have a separate pool network range for RA that is totally different from that of any of the inside subnets.

Also, for managing the ASA through a VPN tunnel you need one config statement.

asa(config)# management-access inside

Rgds

Jorge

kdepijper Fri, 10/17/2008 - 04:49

Hi Jorge,

Thanks for your reply.

Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this I guess ..

I have the command asa(config)# management-access management, because this is the interface where we are managing.

My main questions:

1/ Do I need to configure a specific route for my RA pool?

2/ In my ASDM access settings, where should I put my RA pool? On the outside or on the management interface?

Thanks a lot

Karien

kdepijper Fri, 10/17/2008 - 07:50

Hello,

So no extra routes are needed, they are just added when I connect with the client.

I have this enabled,

asa(config)# management-access management

but I have the TCP intercept error.

Any idea?

Karien

JORGE RODRIGUEZ Fri, 10/17/2008 - 08:28

Karien, the RA setup and management-access are pretty much straightforward for managing the ASA via VPN tunnel; there must be something not right in the config. If we could perhaps see a sanitized config, that would help.

Rgds

Jorge
