Can not access ASAs inside interface via VPN tunnels

Unanswered Question
Aug 12th, 2009

Hi there,


I have a funny problem.


I built up a hub and spoke VPN, with RAS client VPN access for the central location.


All tunnels and the RAS VPN access are working fine.

I use the tunnels for Voip, terminal server access and a few other services.


The only problem I have is that I cannot access the inside IP address of any of my ASAs, neither via tunnels nor via RAS VPN access. No telnet access and no ping reach the inside interfaces.


No problem when I connect to the interface via a host inside the network.


All telnet statements in the config end with the INSIDE command.


On most of the ASAs the 8.2 IOS is running; on one or two ASAs the 8.0(4).


For the RAS client access I use the Cisco 5.1 VPN client.


Does anybody have any suggestions?


Regards

Marcel

JORGE RODRIGUEZ Thu, 08/13/2009 - 05:28

Marcel,


Simply add on the ASAs you want to administer through the tunnels:


management-access



http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985


For the ASA 5505:


management-access inside


For all others, if you have management interface management0/0 defined, then:


management-access management


Then you may need to allow the source. For example, if the RA VPN pool network is 10.20.20.0/24, then you tell the ASA that this network can administer the ASA and point access to inside, but it sounds like you have this part already.




telnet 10.20.20.0 255.255.255.0 inside

http 10.20.20.0 255.255.255.0 inside


Same principle for L2L VPNs.


Regards
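
An added example (not part of the thread and not Cisco tooling): a small Python check over a saved running-config that tests both conditions from the answer above, namely that `management-access` names the interface and that a telnet/ssh/http statement permits the VPN source network on it. The sample config and the function names are constructed for illustration; `ssh` is included because it uses the same statement form.

```python
import ipaddress
import re

# Constructed sample running-config excerpt (not from the thread's devices).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.20.20.0 255.255.255.0 inside
http 10.20.20.0 255.255.255.0 inside
http server enable
management-access inside
"""

# "<service> <network> <mask> <interface>" and "management-access <interface>"
ALLOW_RE = re.compile(
    r"^(telnet|ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
MGMT_RE = re.compile(r"^management-access\s+(\S+)\s*$")

def parse(config):
    """Return (management-access interface or None, [(service, network, interface)])."""
    mgmt_if, allows = None, []
    for line in config.splitlines():
        m = MGMT_RE.match(line)
        if m:
            mgmt_if = m.group(1)
            continue
        m = ALLOW_RE.match(line)  # skips "http server enable", "telnet timeout 5", etc.
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            allows.append((m.group(1), net, m.group(4)))
    return mgmt_if, allows

def check_vpn_management(config, vpn_source, interface="inside"):
    """Return (findings, services): what blocks managing `interface` from
    `vpn_source` across a tunnel, and which services are permitted for it."""
    mgmt_if, allows = parse(config)
    src = ipaddress.ip_network(vpn_source)
    findings = []
    if mgmt_if != interface:
        findings.append(f"missing 'management-access {interface}' (found: {mgmt_if})")
    services = sorted(s for s, net, ifc in allows
                      if ifc == interface and src.subnet_of(net))
    if not services:
        findings.append(f"no telnet/ssh/http statement permits {src} on {interface}")
    return findings, services
```

Calling `check_vpn_management(SAMPLE_CONFIG, "10.20.20.0/24")` returns no findings; removing the `management-access inside` line reproduces the situation in the question, where the allow statements exist but tunnel traffic still cannot reach the interface.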




puseth Tue, 08/18/2009 - 11:07

Can you add this command in your ASA and test it out...


management-access inside
