10-17-2008 04:13 AM
Hello,
I want to manage my ASA 8.0.4 through a connection with the VPN client. When connected, I can ping the ASA, but trying SSH/ASDM gives me a TCP Intercept error. Could it be antispoofing enabled? If yes, should I route the vpn-client range towards the outside? I did not do it, because ping is working ...
I have antispoofing enabled on all interfaces, and the vpn-client range is part of a subnet of the inside interface.
Thanks! Karien
10-17-2008 04:31 AM
Karien,
Generally you would want the pool network range for RA to be totally different from that of any of the inside subnets.
Also, for managing the ASA through a VPN tunnel you need one config statement.
asa(config)#management-access inside
Rgds
Jorge
10-17-2008 04:49 AM
Hi Jorge,
Thanks for your reply.
Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this, I guess.
I have the command asa(config)# management-access management, because this is the interface where we are managing.
My main question:
1/ Do I need to configure a specific route for my RA pool?
2/ In my ASDM access settings, where should I put my RA pool? On the outside or on the management interface?
Thanks a lot
Karien
10-17-2008 07:50 AM
Hello,
So no extra routes are needed; they are just added when I connect with the client.
I have this enabled:
asa(config)# management-access management
but I have the TCP intercept error.
Any idea?
Karien
10-17-2008 08:28 AM
Karien, the RA setup and management-access is pretty much straightforward for managing the ASA via a VPN tunnel; there must be something not right in the config. If we could perhaps see a sanitized config, that would help.
Rgds
Jorge
10-17-2008 02:58 PM
Can you post a sanitized config?