Solved: ASA5505 Management Through VPN/Anyconnect Without Group

caplinktech · ‎05-20-2009

I have 2 questions on ASA configuration.

The first is related to SSL VPN configuration. We only have a single group of users that will be connecting to our main office via remote access. Is there a way to configure SSL VPN to not display a Group selection box?

I have omitting the tunnel-group-list enable command and configuring group lock on the user accounts, but neither works.

Secondly, I am at a loss as to how to configure ssh to allow connections from users connected through the VPN. I assumed that:

ssh 172.16.1.0 255.255.255.0 inside

with 172.16.1.0 /24 being the ip pool assigned to remote access vpn users woudl do it, however, it is a no go. How can remote access users (who are mostly all technicians) be granted the ability to log into the device?

Thanks for your assistance.

steve9013 · ‎05-24-2009

To be able to manage the ASA via SSH over a VPN tunnel, you'll need to enter the configuration command "man in".

View solution in original post

Collin Clark · ‎05-21-2009

A group is required. I opened a TAC case about SSL VPN once and I was told that it is a requirement. I just verified that I can VPN in and the SSH to the device. I, like you stated, allowed the IP Pool subnet access. Could you try a debug on SSH and see if it points something out?

caplinktech · ‎05-28-2009

Thank you fo rthe information on the group being required.

steve9013 · ‎05-24-2009

To be able to manage the ASA via SSH over a VPN tunnel, you'll need to enter the configuration command "man in".

caplinktech · ‎05-28-2009

Thank you Steve. That did the trick.