asdm and ssh management through VPN tunnel

kdepijper
Level 1

Hello,

I want to manage my ASA 8.0.4 through a connection with the VPN client. When connected, I can ping the ASA, but trying ssh/asdm gives me a TCP Intercept error. Could it be that antispoofing is enabled? If yes, should I route the vpn-client range towards the outside? I did not do it, because ping is working ...

I have antispoofing enabled on all interfaces, and the vpn-client range is part of a subnet of the inside interface.

Thanks! Karien

5 Replies 5

JORGE RODRIGUEZ
Level 10

Karien,

Generally you would want to have a separate pool network range for RA that is totally different from that of any of the inside subnets.

Also, for managing the ASA through a VPN tunnel you need one config statement:

asa(config)# management-access inside

Rgds

Jorge

Jorge Rodriguez

Hi Jorge,

Thanks for your reply.

Internally we have 10/8 addresses, with a specific 10.X.X/24 one for the RA. Routing should be able to deal with this, I guess.

I have the command asa(config)# management-access management, because this is the interface where we are managing.

My main questions:

1/ Do I need to configure a specific route for my RA pool?

2/ In my ASDM access settings, where should I put my RA pool? On the outside or on the management interface?

Thanks a lot

Karien

kdepijper
Level 1

Hello,

So no extra routes are needed, they are just added when I connect with the client.

I have this enabled:

asa(config)# management-access management

but I have the TCP intercept error.

Any idea?

Karien

Karien, the RA setup and management-access are pretty much straightforward for managing the ASA via a VPN tunnel; there must be something not right in the config. If we could perhaps see a sanitized config, that would help.

Rgds

Jorge

Jorge Rodriguez

Can you post a sanitized config?

Jorge Rodriguez