asdm and ssh management through VPN tunnel

kdepijper
Level 1

Hello,

I want to manage my ASA 8.0.4 through a connection with VPN client. When connected, I can ping the ASA, but trying ssh/asdm gives me a TCP Intercept error. Could it be antispoofing enabled? If yes, should I route the vpn-client range towards the outside? I did not do it, because ping is working ...

I have antispoofing enabled on all interfaces, and the vpn-client range is part of a subnet of the inside interface.

Thanks! Karien


JORGE RODRIGUEZ
Level 10

Karien,

Generally you would want a separate pool network range for RA that is totally different from that of any of the inside subnets.

Also, for managing the ASA through the VPN tunnel you need one config statement.

asa(config)# management-access inside

Rgds

Jorge

Jorge Rodriguez

Hi Jorge,

Thanks for your reply.

Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this I guess ..

I have the command asa(config)# management-access management, because this is the interface where we are managing.

My main questions:

1/ Do I need to configure a specific route for my RA pool?

2/ In my ASDM access settings, where should I put my RA pool? On the outside or on the management interface?

Thanks a lot

Karien

kdepijper
Level 1

Hello,

So no extra routes are needed, they are just added when I connect with the client.

I have this enabled,

asa(config)# management-access management

but I have the TCP intercept error.

Any idea?

Karien

Karien, the RA setup and management-access are pretty much straightforward for managing the ASA via VPN tunnel; there must be something not right in the config. If we could perhaps see a sanitized config, that would help.

Rgds

Jorge

Jorge Rodriguez

Can you post a sanitized config?

Jorge Rodriguez