SSH via VPN connection-ASA5505

nguyenthac86 · ‎07-19-2010

I creat a Ipsec connection via VPN for ASA5505. Now, i want via this VPN connect to SSh to ASA to management ASA by CLI command

This is my network:

(Inside) 192.168.1.0/24 (.2) -----------(.1)-ASA- (.1)--------------(.2)(outside) 10.10.10.0/24-----------((Internet))----- (Vpnclient) pool (192.168.0.0/24)

Please help me!

Jitendriya Athavale · ‎07-20-2010

use the command

management-access inside

to ssh to asa using inside interface, if you want to access someother interface use the name of interface

management-access

nguyenthac86 · ‎07-20-2010

Yes, thank you.

But, i want to manage the my ASA via Internet (via outside interface)? How to do?

Jitendriya Athavale · ‎07-20-2010

to enable via internet please follow the link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008069bf1b.shtml

hostname(config)# crypto key generate rsa modulus 1024

hostname(config)# write mem

hostname(config)# ssh   outside

hostname(config)# ssh 192.168.1.2 255.255.255.255 inside

hostname(config)# ssh timeout 30
if you have existing access-list permit this public to your outside else make a new access-list

hostname(config)# access-list out-to-in extended permit ip    
hostname(config)# access-group out-to-in interface outside

hostname(config)# aaa authentication {telnet | ssh | http | serial} console {LOCAL | 
server_group [LOCAL]}
hostname(config)# username cisco password cisco



http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1042023

hope this helps