Unable manage ASA thru after connecting VPN

RamuChichula · ‎03-17-2009

Hi,

After connecting to Cisco Vpn client i m unable to manage my VPN server eventhough i have made a policy to access ASA after vpn connceted,but no result has come ,other policies working properly.Thru Same Vpn client i am not able to access Cisco ASA 5510 VPN server.

Kindly provide solution.

Tnks

Ramu

mfreijser · ‎03-18-2009

Let's see if I understand your question correctly: You use a Cisco VPN Client to connect to a ASA5510. But you found out that you cannot open a manegement connection to the outside Ã³r inside of the ASA when you have a VPN connection.

If you have a VPN tunnel with no split-tunneling configured, then you just can't set up a management connection to the outside interface of the ASA. This can only be done by configuring split-tunnel.

Then only the inside interface of the ASA is left to connect to. This is only possible with the "management-access inside" command is configured in global configuration mode. The inside interface of the ASA cannot be accessed from the outside, unless you configure the "management-access inside" command.

In a nutshell:

- Configure split-tunneling on you VPN Client connection so you can directly connect to the outside interface of the ASA when you have a VPN (less desirable option)

- Configure the management-access command so you can access the inside interface from the ASA when you have a VPN Client connection (more desirable!)

I hope this information helps!

Regards,

MichaÃ«l

jon.helmer · ‎03-18-2009

Ramu-

Have you used the "management-access" command to enable management access to an internal interface when connected via VPN?

http://www.cisco.com/en/US/customer/docs/security/asa/asa80/command/reference/m.html#wp1987122

For example:

management-access inside

will allow you to connect to the "inside" IP address when connected via VPN.

-Jon