Connect to outside ip addresses of ASA from inside

Unanswered Question
Oct 22nd, 2009

Hello.

This has been asked before I think, but I can't believe its not possible.

I would like to connect to an outside interface IP address from the inside network of an ASA. Either ping or otherwise.

Additionally I would like to ping the inside interface IP of an ASA across a VPN link. This also appears not to be possible.

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Thu, 10/22/2009 - 05:59

Mike

"I would like to connect to an outside interface IP address from the inside network of an ASA. Either ping or otherwise."

Correct, by design this is not possible.

"Additionally I would like to ping the inside interface IP of an ASA across a VPN link. This also appears not to be possible"

This you can do with the management-access command -

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1987122

Jon

mikedelafield Thu, 10/22/2009 - 06:35

Thanks Jon.

I had just stumbled on the management access option! Thanks anyway.

As for the other part I guess it makes sense that you cannot connect to the outside/NAT addresses; as any IP addresses they translate to must by definition already be on the inside and accessible directly!

Mike

AVSSYSTEME Fri, 11/19/2010 - 00:04

hi Guys,

so there is no way to arrange communication?

i would need this for following:

one of my inside networks is a WLAN and from there i would like to allow VPN access to the ASA, works fine if i use the Interface IP adress of that network.

So do i need to have two connection profiles?

one from outside with peer of the outside ipaddress

and one form inside_wlan with peer of wlan interface ip address?

i would like to have just one connecitno profile using the outside ipaddress, but this does not work? Is there now way to do this?

apothula Fri, 11/19/2010 - 00:31

Yeah, that would not be possible.

You need to have two different profiles and two different crypto maps, one of the outside interface and one on the inside_wlan network with the outside IP and the Inside_WLAN ip respectively.

Cheers,

Nash.

Actions

This Discussion