Can't access management interface via vpn connection

Unanswered Question
Jun 10th, 2009

Hi all,

I can't seem to be able to manage my ASA 5510 when I connect via VPN. My ASA sits at a remote colo, and from my office I can connect fine. I have it configured as management-access (dmz), because as of now we are just doing some staging and all the servers are in the dmz interface.


When I connect with the VPN client, in the routes it sees 192.168.1.0 255.255.255.0, which is the management network/interface.


For some reason I can't get access to 192.168.1.1 to use the ASDM.


Here is how I did my VPN via CLI:


isakmp enable outside
isakmp identity address
isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400

ip local pool vpnpool 10.1.1.2-10.1.1.10

access-list split_tunnel standard permit 192.168.200.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0

group-policy xxxxx internal
group-policy xxxxx attributes
 dns value
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel

username xxxxx password
username xxxxxx attributes
 vpn-group-policy xxxx

username xxxxxx password
username xxxxxx attributes
 vpn-group-policy xxxx

username xxxx password
username xxxx attributes
 vpn-group-policy xxxx

tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
 address-pool vpnpool

tunnel-group xxxx ipsec-attributes
 pre-shared-key

access-list vpnra permit ip 192.168.200.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpnra
nat (dmz) 0 access-list vpnra
nat (management) 0 access-list vprna

crypto ipsec transform-set md5des esp-des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set md5des
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside



Any help would be much appreciated
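
A small consistency check over the configuration posted above, added here as an example (it is not part of the original post and not Cisco tooling): it lists ACL names that are referenced but never defined, and lines that select single DES or MD5. It recognizes only the two ACL reference forms that appear in the post, and the embedded config is an excerpt copied from it.

```python
import re

# Excerpt of the configuration posted above (copied from the thread).
POSTED_CONFIG = """\
isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
group-policy xxxxx attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
access-list vpnra permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpnra
nat (dmz) 0 access-list vpnra
nat (management) 0 access-list vprna
crypto ipsec transform-set md5des esp-des esp-md5-hmac
"""

# Lines that reference an ACL by name (only the two forms used in the post).
ACL_REFS = [
    re.compile(r"^nat \(\S+\) 0 access-list (\S+)"),
    re.compile(r"^split-tunnel-network-list value (\S+)"),
]
# Single DES and MD5 selections, in the spellings used in the post.
WEAK = re.compile(r"^(encryption des|hash md5)$|\besp-des\b|\besp-md5-hmac\b")


def lint(config):
    """Return (dangling_acl_refs, weak_crypto_lines) for an ASA config text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Every "access-list NAME ..." line defines (or extends) the ACL NAME.
    defined = {ln.split()[1] for ln in lines if ln.startswith("access-list ")}
    dangling, weak = [], []
    for ln in lines:
        for pattern in ACL_REFS:
            m = pattern.match(ln)
            if m and m.group(1) not in defined:
                dangling.append((ln, m.group(1)))
        if WEAK.search(ln):
            weak.append(ln)
    return dangling, weak


if __name__ == "__main__":
    dangling, weak = lint(POSTED_CONFIG)
    for line, name in dangling:
        print(f"undefined ACL {name!r} referenced by: {line}")
    for line in weak:
        print(f"weak crypto: {line}")
```
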

proffessor1979 Wed, 06/10/2009 - 11:44

No, I have that in there. See my first few lines. I configured management-access (dmz).


Still can't use ASDM through VPN. Could it be because split tunneling is enabled, or a binding issue? Not sure how to go about troubleshooting it.


Thanks for the reply

proffessor1979 Wed, 06/24/2009 - 10:39

Anyone? Still can't get access. It's very frustrating, as it seems like a simple thing yet it's not working.
