I have the following setup on my ASA 5520
Public interface - 100 - 202.xx.xx.xx
Private - 0 - 172.24.16.200/24
Management - 0 - 172.19.120.27/24
From a VPN client, I can ping any host on the management network (172.19.120.0/24), because I have removed the "management only" option. However, I can't really do anything on those hosts (RDP, http, etc) apart from ping.
Checking the logs, this is what I get, when I try to RDP to a host on the Mgt network:
|6||Jan 20 2010||23:40:52||106015||172.19.120.11||3389||172.24.206.1||1894||Deny TCP (no connection) from 172.19.120.11/3389 to 172.24.206.1/1894 flags SYN ACK on interface Private|
What are my options? I can think of two:
- Create another Management VLAN
- Disable the Management interface and use inside for management.
Any advice would be helpful.
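As an added illustration (not part of the original question or any answer), the following script parses ASA 106015 "Deny TCP (no connection)" syslog messages like the one quoted above and groups them by the server socket and the interface the stray reply arrived on. It assumes the standard `%ASA-6-106015:` syslog text form rather than the ASDM table row shown in the post; the sample log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample syslog lines (standard ASA syslog format, not taken from the poster's device).
SAMPLE_LOG = """\
Jan 20 2010 23:40:52 asa %ASA-6-106015: Deny TCP (no connection) from 172.19.120.11/3389 to 172.24.206.1/1894 flags SYN ACK on interface Private
Jan 20 2010 23:40:55 asa %ASA-6-106015: Deny TCP (no connection) from 172.19.120.11/3389 to 172.24.206.1/1894 flags SYN ACK on interface Private
Jan 20 2010 23:41:10 asa %ASA-6-106015: Deny TCP (no connection) from 172.19.120.12/80 to 172.24.206.1/1901 flags SYN ACK on interface Private
Jan 20 2010 23:41:12 asa %ASA-6-302013: Built inbound TCP connection 12345 for Public:172.24.206.1/1902 (172.24.206.1/1902) to Private:172.24.16.50/22 (172.24.16.50/22)
"""

# Message 106015: a TCP segment arrived for which the ASA holds no connection entry.
RE_106015 = re.compile(
    r"%ASA-(?P<sev>\d)-106015: Deny TCP \(no connection\) "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<iface>\S+)"
)


def parse_106015(line):
    """Return the fields of a 106015 message as a dict, or None for any other line."""
    m = RE_106015.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def denied_replies(log_text):
    """All 106015 records whose flags are SYN ACK, i.e. server replies the ASA never
    saw a matching SYN for. Those usually point at an asymmetric path: the SYN left
    through one interface and the reply came back through another."""
    out = []
    for line in log_text.splitlines():
        rec = parse_106015(line)
        if rec and rec["flags"] == "SYN ACK":
            out.append(rec)
    return out


def group_by_server(log_text):
    """Count stray SYN ACKs per (server ip, server port, arrival interface)."""
    return Counter(
        (r["src"], r["sport"], r["iface"]) for r in denied_replies(log_text)
    )


if __name__ == "__main__":
    for (ip, port, iface), n in group_by_server(SAMPLE_LOG).most_common():
        print(f"{n:3d}  replies from {ip}:{port} arriving on {iface} with no connection")
```

Running it over the constructed sample prints two entries, the busiest being the RDP server 172.19.120.11:3389 whose replies reach the firewall on `Private`. Because the ASA is stateful, a server reply is only accepted on the interface where the matching outbound SYN built the connection; a SYN ACK on a different interface is dropped with 106015, which is why ICMP (inspected statelessly unless ICMP inspection is on) can succeed while every TCP service fails.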