SSH to remote VPN site via Site to Site VPN ASA 8.4(5)

Jun 30th, 2014

I presently have a Cisco ASA 5520 running 8.4(5) connected to another Cisco ASA 5505 running 8.4(5). I can ping and communicate with any object on the remote network. I have SSH configured on the Cisco ASA 5505. If I am on a system connecting to the Cisco ASA 5505 via SSH and I am on the remote network, I can communicate with no problem. If I try to communicate with the Cisco 5505 from the private network on the Cisco ASA 5520, I cannot communicate. I have been reading that the security on the 8.4(5) works differently than on the 8.2 or 8.3 for this particular situation. I have been doing hours of research and cannot find any proper solutions for resolving the configuration properly.

I found my problem so I am posting what I found. This website was very helpful:

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_management.html#wp1485100

On the 8.4 you need to make sure you have management-access inside configured. For anyone who is new, it is simple:

# config t
# management-access inside
# wr

Once you have the tunnels properly working with NAT and the crypto tunnels, in the 8.4, allow SSH with the networks you want to access from and then make sure you have management-access inside. This will allow you to ping and manage the firewall via the inside interface from the host VPN tunnel.

Carlos

Poonam Garg Tue, 07/01/2014 - 10:47

Hello Carlos,

This should absolutely work. Check if you have allowed SSH access from the remote network on the ASA 5505 as the inside network.

ssh x.x.x.x x.x.x.x inside

where, x.x.x.x - remote network

HTH
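An offline check for the two settings discussed in this thread, as an added example that is not part of the original posts or any Cisco tool: it reads a saved running-config and reports whether "management-access inside" is present and whether an "ssh" entry on the inside interface covers a given host on the far side of the tunnel. The sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a remote ASA 5505 running-config (addresses are made up).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.20.1 255.255.255.0
ssh 192.168.20.0 255.255.255.0 inside
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 30
management-access inside
"""

# "ssh <network> <mask> <interface>" permits; "ssh timeout ..." and similar do not match.
SSH_RE = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
MGMT_RE = re.compile(r"^management-access\s+(\S+)\s*$")


def parse_mgmt(config):
    """Return ([(network, interface), ...] ssh permits, management-access interface or None)."""
    permits, mgmt_if = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = SSH_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permits.append((net, m.group(3)))
            continue
        m = MGMT_RE.match(line)
        if m:
            mgmt_if = m.group(1)
    return permits, mgmt_if


def check_ssh_over_vpn(config, source_ip, interface="inside"):
    """List the reasons SSH from source_ip (across the tunnel) to `interface` would be refused."""
    permits, mgmt_if = parse_mgmt(config)
    src = ipaddress.ip_address(source_ip)
    problems = []
    if mgmt_if != interface:
        problems.append(f"missing 'management-access {interface}'")
    if not any(src in net and ifname == interface for net, ifname in permits):
        problems.append(f"no 'ssh <network> <mask> {interface}' entry covers {source_ip}")
    return problems
```

An empty list means both settings are in place for that source address; the tunnel and NAT configuration still have to be verified separately.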

 

 

 
