SSH via VPN connection-ASA5505

Unanswered Question
Jul 19th, 2010
User Badges:

I creat a Ipsec connection via VPN for ASA5505. Now, i want via this VPN connect to SSh to ASA to management ASA by CLI command


This is my network:



(Inside) 192.168.1.0/24 (.2) -----------(.1)-ASA- (.1)--------------(.2)(outside) 10.10.10.0/24-----------((Internet))----- (Vpnclient) pool (192.168.0.0/24)


Please help me!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jitendriya Athavale Tue, 07/20/2010 - 03:20
User Badges:
  • Cisco Employee,

use the command


management-access inside


to ssh to asa using inside interface, if you want to access someother interface use the name of interface


management-access

nguyenthac86 Tue, 07/20/2010 - 19:18
User Badges:

Yes, thank you.


But, i want to manage the my ASA via Internet (via outside interface)? How to do?

Jitendriya Athavale Tue, 07/20/2010 - 22:15
User Badges:
  • Cisco Employee,

to enable via internet please follow the link


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml


hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# ssh   outside
hostname(config)# ssh 192.168.1.2 255.255.255.255 inside
hostname(config)# ssh timeout 30
if you have existing access-list permit this public to your outside else make a new access-list

hostname(config)# access-list out-to-in extended permit ip    
hostname(config)# access-group out-to-in interface outside

hostname(config)# aaa authentication {telnet | ssh | http | serial} console {LOCAL | 
server_group [LOCAL]}
hostname(config)# username cisco password cisco


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1042023

hope this helps

Actions

This Discussion