05-20-2009 02:08 PM - edited 02-21-2020 04:14 PM
I have 2 questions on ASA configuration.
The first is related to SSL VPN configuration. We only have a single group of users that will be connecting to our main office via remote access. Is there a way to configure SSL VPN to not display a Group selection box?
I have omitting the tunnel-group-list enable command and configuring group lock on the user accounts, but neither works.
Secondly, I am at a loss as to how to configure ssh to allow connections from users connected through the VPN. I assumed that:
ssh 172.16.1.0 255.255.255.0 inside
with 172.16.1.0 /24 being the ip pool assigned to remote access vpn users woudl do it, however, it is a no go. How can remote access users (who are mostly all technicians) be granted the ability to log into the device?
Thanks for your assistance.
Solved! Go to Solution.
05-24-2009 06:30 PM
To be able to manage the ASA via SSH over a VPN tunnel, you'll need to enter the configuration command "man in".
05-21-2009 01:10 PM
A group is required. I opened a TAC case about SSL VPN once and I was told that it is a requirement. I just verified that I can VPN in and the SSH to the device. I, like you stated, allowed the IP Pool subnet access. Could you try a debug on SSH and see if it points something out?
05-28-2009 08:13 AM
Thank you fo rthe information on the group being required.
05-24-2009 06:30 PM
To be able to manage the ASA via SSH over a VPN tunnel, you'll need to enter the configuration command "man in".
05-28-2009 08:10 AM
Thank you Steve. That did the trick.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: