11-26-2008 06:28 AM - edited 03-11-2019 07:18 AM
Hello,
I have a ASA5505 and a ASA5510 successfully setup and running a site to site VPN. I can manage (SSH and ASDM) the local ASA without any problems. I'm unsuccessful when trying to manage the remote ASA.
- Should I be connecting to the outside interface or the inside interface on the remote ASA?
- Do I need ACLs to allow the traffic (I've tried and have been unsuccessful)?
Attached you'll find a network diagram for easier analysis.
I'd post the ASA configs but I'm not sure what would be relevant. Any help is much appreciated.
Matt
Solved! Go to Solution.
11-26-2008 07:23 AM
If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:
Let's say your inside interface on the ASA is 10.0.0.1:
ssh 10.0.0.0 255.255.255.0 inside
If your remote site is 10.50.0.0/24 then add:
ssh 10.50.0.0 255.255.255.0 inside
Let me know if this works :-)
HTH,
John
11-26-2008 07:32 AM
In addition to John's post.
For managing the asa over an Ipsec tunnel you also need magament-access
where name_if whichever management interface you define in your fw.
for example typical scenario
asa(config)#management-access inside
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497
Rgds
Jorge
11-26-2008 07:23 AM
If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:
Let's say your inside interface on the ASA is 10.0.0.1:
ssh 10.0.0.0 255.255.255.0 inside
If your remote site is 10.50.0.0/24 then add:
ssh 10.50.0.0 255.255.255.0 inside
Let me know if this works :-)
HTH,
John
11-26-2008 07:32 AM
In addition to John's post.
For managing the asa over an Ipsec tunnel you also need magament-access
where name_if whichever management interface you define in your fw.
for example typical scenario
asa(config)#management-access inside
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497
Rgds
Jorge
11-26-2008 07:52 AM
That was it. THANKS FOR THE HELP.
Matt
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: