We have an ASA 5510 at the remote office. There is no Network Administrator at this location. The Network Administrator from the Main office logs in to the Cisco VPN client to do the administration on the ASA. What IP address would you assign to the Management port of the ASA? Would you leave it at the default 192.168.1.1?
Great to hear. Yes, you can remove all the "dhcpd" configuration on the remote site.
Here is a sample configuration for LAN-to-LAN tunnel:
Configuration is a lot more complex and it has to be done on both ASAs as per the above sample config.
Based on the configuration of the remote ASA, the simplest way to manage the remote ASA from your main site is through its outside IP address.
Currently you do not have a VPN tunnel configured yet between the 2 sites.
So I would manage the remote ASA via its outside IP address: 18.104.22.168
On the remote ASA, you can restrict the SSH or HTTP access to only be accessible/managed from your main site public IP address (PAT) as follows:
Assuming there is a LAN-to-LAN VPN tunnel between the remote and HQ, you can manage it using the inside IP address of the remote ASA.
When you VPN Client to your main office, are you able to access your remote LAN? If you can't, then you would need to configure a few things in regards to the VPN itself:
1) Split tunnel for the VPN Client needs to include the remote LAN subnet
2) Crypto ACL for the LAN-to-LAN tunnel between main and remote office needs to include the VPN client pool subnet as interesting traffic, i.e.:
On main site: access-list permit ip
On remote site: access-list permit ip
3) On the remote site: management-access inside --> so you can manage the inside interface through the vpn tunnel
4) On the remote site: NAT exemption needs to include traffic from remote LAN towards the vpn ip pool subnet.
5) On the remote site: whether you are managing through SSH or ASDM, you would need to include "ssh inside", and/or "http inside"
6) On the main site: same-security-traffic permit intra-interface ---> to allow traffic from vpn client to u-turn towards the lan-to-lan tunnel to remote site.
Hope that helps.
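The six steps listed above, written out as an added configuration example that is not part of the original thread. All subnets (main LAN 10.1.0.0/24, remote LAN 10.2.0.0/24, VPN client pool 10.99.0.0/24), the ACL names and the group-policy name are assumptions chosen for illustration, and the NAT exemption uses pre-8.3 ASA syntax.

```cisco
! ===== Main site ASA (all names and subnets are hypothetical) =====
! Step 1: split tunnel for VPN clients must list the remote LAN
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.2.0.0 255.255.255.0
group-policy VPNCLIENT-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! Step 2: crypto ACL treats VPN pool -> remote LAN as interesting traffic
access-list L2L-TO-REMOTE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L-TO-REMOTE extended permit ip 10.99.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! Step 6: allow VPN client traffic to u-turn on the outside interface
same-security-traffic permit intra-interface

! ===== Remote site ASA =====
! Step 2: mirror image of the main site crypto ACL
access-list L2L-TO-MAIN extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L-TO-MAIN extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
!
! Step 3: make the inside interface reachable through the tunnel
management-access inside
!
! Step 4: exempt remote LAN -> main LAN and VPN pool from NAT
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! Step 5: permit SSH and ASDM only from the VPN client pool
ssh 10.99.0.0 255.255.255.0 inside
http server enable
http 10.99.0.0 255.255.255.0 inside
```

The two crypto ACLs must stay exact mirrors of each other, and both need to be referenced by the existing crypto map entry for the LAN-to-LAN peer on each side.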