Management access (ASDM/console) to FWSM through the outside interface (Sec level 0)

Unanswered Question
Jul 13th, 2011

Why am I not able to have admin access (ASDM/console) on FWSM through the outside interface (Sec level 0)?

anchacko Wed, 07/13/2011 - 00:04

Hi,

Is the FWSM in multiple context? Have you allowed your network to have asdm access to the outside? Could you post the "sh run" here?

Regards,

Anu

barwanetadmin Wed, 07/13/2011 - 00:35

It's not in multi-context.

Access has been enabled, but I am still not able to connect from the outside interface or routed VLANs. However, I am able to access it from all inside interfaces (higher sec level).

http server enable

http 10.0.X.0 255.255.255.0 outside

management-access outside

asdm location 10.0.x.x 255.255.255.255 outside

anchacko Wed, 07/13/2011 - 00:43

Hi Kauser,

The IP you're using is a private IP. I would expect to see a public IP subnet in those commands, since you're trying to connect to the outside interface from an outside network.

Hope this helps!

Regards,

Anu

barwanetadmin Wed, 07/13/2011 - 06:47

The outside and inside interfaces are virtual interfaces separating private VLANs in a core switch hosting servers.

Basically I am not able to get admin access from the security level 0 interface. I need to find out whether there is any way to achieve this.

varrao Wed, 07/13/2011 - 00:04

Hi Kausar,

Can you provide the configuration that you have done for admin access on outside, along with the running-config?

Varun

varrao Wed, 07/13/2011 - 00:41

Hi Kauser,

The location from which you are testing needs to be connected to the outside interface. I am not sure, but it seems that you are trying to connect from a PC which is on the inside interface; you would not be able to access the ASDM from a remote interface. You can ASDM into the firewall from the internet, for which the request would fall on the outside interface. In your case I guess the request is coming in on the inside interface, for ASDM on outside, which is not correct.

Thanks,

Varun

barwanetadmin Wed, 07/13/2011 - 06:39

The outside and inside interfaces are virtual interfaces separating private VLANs in a core switch hosting servers.

Basically I am not able to get admin access from the security level 0 interface. I need to find out whether there is any way to achieve this.

anchacko Thu, 07/14/2011 - 00:30

Hi Kauser,

Could you post the output of "show run int" from the FWSM here? Also, is the FWSM running in multiple context?

Regards,

Anu

barwanetadmin Thu, 07/14/2011 - 02:14

Firewall/6# sh run int

!

interface Vlan5

nameif DMZ5

security-level 50

ip address 10.X.X.X 255.255.255.0

!

interface Vlan6

nameif DMZ6

security-level 50

ip address 10.X.X.X 255.255.255.0

!

interface Vlan7

nameif DMZ7

security-level 50

ip address 10.X.X.X 255.255.255.0

!

.

.

.

.

interface Vlan100

nameif outside

security-level 0

ip address 10.X.X.X 255.255.255.252

!

interface Vlan101

description LAN Failover Interface

!.

interface Vlan102

nameif inside

security-level 100

ip address 10.X.X.X 255.255.255.0

anchacko Thu, 07/14/2011 - 03:59

Hi Kauser,

Is NAT enabled on the firewall? How does the world see the outside IP? What is the next hop for this firewall (def route)? It would be great if you can post the output of "sh run" here.

Regards,

Anu

barwanetadmin Sun, 07/17/2011 - 05:01

Dear,

This is an FWSM module with default route to Core Sw MSFC; the outside IP can be reached from any access VLAN in core sw.

anchacko Mon, 07/18/2011 - 00:43

Hi Kauser,

What is the IP address of the host from where you're trying to reach the FWSM outside interface? Give me an eg.

Regards,

Anu

Julio Carvaja Sun, 12/11/2011 - 13:07

Hello Kausar,

First of all, let's take out all the ASDM configuration (just in case the ASDM daemon got stuck).

no  http server enable

no http 10.0.X.0 255.255.255.0 outside

Now can you add the following command just to test the connection?

http server enable

http 0 0 outside

If this does not work, I would like to see the debug for the HTTP protocol.

Debug http

Please provide the output of the debug.

Regards,

Please rate helpful posts!!

Julio
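An added example, not part of the original thread and not Cisco tooling: a Python check that parses `http <address> <mask> <nameif>` entries like those posted above, reports whether a given client address is admitted by each entry, and flags any-source entries such as `http 0 0 outside` left on a security-level 0 interface after testing. The sample configuration and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config; the thread masks its addresses, these are made up.
SAMPLE_CONFIG = """\
interface Vlan100
 nameif outside
 security-level 0
interface Vlan102
 nameif inside
 security-level 100
http server enable
http 10.0.50.0 255.255.255.0 outside
http 0 0 outside
http 10.0.102.0 255.255.255.0 inside
"""

def parse_security_levels(config):
    """Map each nameif to the security-level set under its interface block."""
    levels, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None
        elif line.startswith("nameif "):
            name = line.split()[1]
        elif line.startswith("security-level ") and name:
            levels[name] = int(line.split()[1])
    return levels

def parse_http_entries(config):
    """Return (network, nameif) per 'http <addr> <mask> <nameif>'; bare 0 = 0.0.0.0."""
    entries = []
    for m in re.finditer(r"^[ \t]*http (\S+) (\S+) (\S+)[ \t]*$", config, re.M):
        addr, mask = ("0.0.0.0" if f == "0" else f for f in m.group(1, 2))
        entries.append((ipaddress.ip_network(f"{addr}/{mask}"), m.group(3)))
    return entries

def audit_management_access(config, client_ip):
    """Per http entry: does it admit client_ip, and is it any-source on level 0?"""
    levels = parse_security_levels(config)
    client = ipaddress.ip_address(client_ip)
    return [{
        "entry": f"http {net} {nameif}",
        "admits_client": client in net,
        "any_source_on_level0": net.prefixlen == 0 and levels.get(nameif) == 0,
    } for net, nameif in parse_http_entries(config)]

if __name__ == "__main__":
    print(audit_management_access(SAMPLE_CONFIG, "10.0.60.7"))
```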

barwanetadmin Wed, 12/14/2011 - 20:15

Hi Julio,

I am able to open ASDM from all the security VLANs, except from outside.

Regards

Julio Carvaja Wed, 12/14/2011 - 20:57

Hello Kausar,

Thanks for the info, I read that on the previous posts.

Can you provide the information I request??

Regards,

Julio

This Discussion

Posted July 13, 2011 at 12:02 AM