ASA Management Across Site to Site VPN

mmaskart
Level 1

Hello,

I have an ASA5505 and an ASA5510 successfully set up and running a site-to-site VPN. I can manage (SSH and ASDM) the local ASA without any problems. I'm unsuccessful when trying to manage the remote ASA.

- Should I be connecting to the outside interface or the inside interface on the remote ASA?

- Do I need ACLs to allow the traffic (I've tried and have been unsuccessful)?

Attached you'll find a network diagram for easier analysis.

I'd post the ASA configs but I'm not sure what would be relevant. Any help is much appreciated.

Matt

2 Accepted Solutions

John Blakley
VIP Alumni

If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:

Let's say your inside interface on the ASA is 10.0.0.1:

ssh 10.0.0.0 255.255.255.0 inside

If your remote site is 10.50.0.0/24 then add:

ssh 10.50.0.0 255.255.255.0 inside

Let me know if this works :-)

HTH,

John


In addition to John's post.

For managing the ASA over an IPsec tunnel you also need management-access <name_if>

where name_if is whichever management interface you define in your fw.

For example, a typical scenario:

asa(config)#management-access inside

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497

Rgds

Jorge

Jorge Rodriguez

That was it. THANKS FOR THE HELP.

Matt
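
An added example, not part of the original posts: a small Python check that reads saved ASA configuration text and reports whether the two settings from the answers above (an `ssh` allow rule for the remote subnet and `management-access` on the same interface) are both present, and also flags any allow rule open to every source. The function name `remote_mgmt_check` and the two sample configs are constructed for illustration, using the addresses from John's post.

```python
import ipaddress

def remote_mgmt_check(config, remote_net, proto="ssh"):
    """Check ASA config text for the two settings named in this thread.

    Returns (missing, too_broad): reasons hosts in remote_net cannot reach the
    management interface over the tunnel, and allow rules open to any source.
    """
    remote = ipaddress.ip_network(remote_net)
    mgmt_if, rules = None, []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "management-access":
            mgmt_if = tok[1]
        elif len(tok) == 4 and tok[0] == proto:
            try:  # allow rule: "<proto> <address> <mask> <interface>"
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # another option of the same command, not an allow rule
            rules.append((net, tok[3]))
    missing = []
    if mgmt_if is None:
        missing.append("management-access is not set")
    # The rule must cover the remote subnet on the management-access interface.
    if not any(remote.subnet_of(net) and mgmt_if in (None, ifc) for net, ifc in rules):
        missing.append(f"no {proto} rule permits {remote} on {mgmt_if or 'any interface'}")
    too_broad = [f"{proto} open to any source on {ifc}"
                 for net, ifc in rules if net.prefixlen == 0]
    return missing, too_broad

# Constructed configs using the addresses from the answers above.
BEFORE = """\
ssh 10.0.0.0 255.255.255.0 inside
ssh timeout 5
"""
AFTER = BEFORE + """\
ssh 10.50.0.0 255.255.255.0 inside
management-access inside
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, remote_mgmt_check(cfg, "10.50.0.0/24"))
```

ASDM access is governed by the analogous `http` allow lines, so passing `proto="http"` runs the same check for ASDM.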
