ASA Management Across Site to Site VPN

Answered Question
Nov 26th, 2008

Hello,

I have an ASA5505 and an ASA5510 successfully set up and running a site to site VPN. I can manage (SSH and ASDM) the local ASA without any problems. I'm unsuccessful when trying to manage the remote ASA.

- Should I be connecting to the outside interface or the inside interface on the remote ASA?

- Do I need ACLs to allow the traffic (I've tried and have been unsuccessful)?

Attached you'll find a network diagram for easier analysis.

I'd post the ASA configs but I'm not sure what would be relevant. Any help is much appreciated.

Matt

Correct Answer by JORGE RODRIGUEZ about 8 years 2 weeks ago

In addition to John's post.

For managing the ASA over an IPsec tunnel you also need management-access

where name_if is whichever management interface you define in your fw.

For example, a typical scenario:

asa(config)#management-access inside

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497

Rgds

Jorge

Correct Answer by John Blakley about 8 years 2 weeks ago

If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:

Let's say your inside interface on the ASA is 10.0.0.1:

ssh 10.0.0.0 255.255.255.0 inside

If your remote site is 10.50.0.0/24 then add:

ssh 10.50.0.0 255.255.255.0 inside

Let me know if this works :-)

HTH,

John
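
An added example, not part of either answer and not Cisco tooling: a small Python check that reads a running-config excerpt and reports which of the settings from the two answers (the ssh permit for the remote subnet on the inside interface, and management-access) are missing, and also flags any permit-from-anywhere management rule. The sample config, the function name and the http lines for ASDM are assumptions made for this example and are not shown in the thread.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from the thread); subnets follow the answers.
SAMPLE_CONFIG = """\
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.50.0.0 255.255.255.0 inside
http server enable
http 10.0.0.0 255.255.255.0 inside
"""

# "ssh|http <address> <netmask> <interface>" permit lines
RULE = re.compile(r"^(ssh|http)\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")


def audit_remote_mgmt(config, remote_net, mgmt_if="inside"):
    """List what stops hosts in remote_net from managing the ASA on mgmt_if
    through the tunnel, plus any permit-from-anywhere rules. [] means clean."""
    remote = ipaddress.ip_network(remote_net)
    permits = {"ssh": [], "http": []}
    mgmt_access, http_enabled, findings = None, False, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("management-access "):
            mgmt_access = line.split()[1]
        elif line.startswith("http server enable"):
            http_enabled = True
        elif (m := RULE.match(line)):
            proto, addr, mask, ifname = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if net.prefixlen == 0:
                findings.append(f"{proto} is permitted from any address on {ifname}")
            if ifname == mgmt_if:
                permits[proto].append(net)
    if mgmt_access != mgmt_if:
        findings.append(f"management-access {mgmt_if} is not configured")
    if not http_enabled:
        findings.append("http server enable is missing (needed for ASDM)")
    for proto, nets in permits.items():
        if not any(remote.subnet_of(n) for n in nets):
            findings.append(f"no {proto} rule permits {remote} on {mgmt_if}")
    return findings


if __name__ == "__main__":
    for finding in audit_remote_mgmt(SAMPLE_CONFIG, "10.50.0.0/24"):
        print("FINDING:", finding)
```
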
