10-17-2008 04:13 AM
Hello,
I want to manage my ASA 8.0.4 through a connection with VPN client. When connected, I can ping the ASA, but trying ssh/asdm gives me a TCP Intercept error. Could it be antispoofing enabled? If yes, should I route the vpn-client range towards the outside? I did not do it, because ping is working ...
I have antispoofing enabled on all interfaces, and the vpn-client range is part of a subnet of the inside interface.
Thanks! Karien
10-17-2008 04:31 AM
Karien,
Generally you would want the pool network range for RA to be totally different from that of any of the inside subnets.
Also, for managing the ASA through a VPN tunnel you need one config statement.
asa(config)#management-access inside
Rgds
Jorge
10-17-2008 04:49 AM
Hi Jorge,
Thanks for your reply.
Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this, I guess ...
I have the command asa(config)# management-access management, because this is the interface where we are managing.
My main questions:
1/ Do I need to configure a specific route for my RA pool?
2/ In my ASDM access settings, where should I put my RA pool? On the outside or on the management interface?
Thanks a lot
Karien
10-17-2008 07:50 AM
Hello,
So no extra routes are needed, they are just added when I connect with the client.
I have this enabled:
asa(config)# management-access management
but I have the TCP intercept error.
Any idea?
Karien
10-17-2008 08:28 AM
Karien, the RA setup and management-access are pretty much straightforward for managing the ASA via a VPN tunnel, so there must be something not right in the config. If we could perhaps see a sanitized config, that would help.
Rgds
Jorge
10-17-2008 02:58 PM
Can you post a sanitized config?