I recently upgraded my ASA5505 to 8.2.1 from 7.2 and have oddly lost the ability to manage the unit from a VPN connection (via ASDM or SSH). Prior to the upgrade, I was able to connect via either method without issue over the VPN. Internally, I continue to have no issue.
The failure message on the ASDM client when I try to connect remotely is 'Unable to launch device manager from 10.x.x.x:4444'. If I look at the console output in Informational mode, I eventually see a 'Flow terminated by TCP intercept' message relating to the conversation between the ASA and my remote system.
The lines of the config are (I've got webvpn running on 443):
http server enable 4444
http 10.x.x.x 255.x.x.x inside
http 192.x.x.x 255.x.x.x outside
The 192 range is the VPN DHCP range that the VPN clients get (and I've verified) such that these systems should be able to connect to the ASDM or SSH management interface.
Is there another ACL I need to make this work? Not sure why it worked without issue on 7.2 and as soon as I upgraded to 8.2.1, it stopped, without any (manual) changes to the config.
Thanks in advance for the assistance!
Point the VPN network ssh interface to inside instead of outside; it should work when you SSH in over the VPN to the ASA inside interface IP address.
no ssh 192.x.x.x 255.x.x.x outside
ssh 192.x.x.x 255.x.x.x inside