
SSH to remote VPN site via Site to Site VPN ASA 8.4(5)

AQUALUNGAMERICA
Level 1

I presently have a Cisco ASA 5520 running 8.4(5) connected to another Cisco ASA 5505 running 8.4(5). I can ping and communicate with any object on the remote network. I have SSH configured on the Cisco ASA 5505. If I am on a system on the remote network connecting to the Cisco ASA 5505 via SSH, I can communicate with no problem. If I try to communicate with the Cisco 5505 from the private network on the Cisco ASA 5520, I cannot communicate. I have been reading that the security on 8.4(5) works differently than on 8.2 or 8.3 for this particular situation. I have been doing hours of research and cannot find any proper solution for resolving the configuration properly.

I found my problem so I am posting what I found. This website was very helpful:

 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_management.html#wp1485100

On 8.4 you need to make sure you have management-access inside configured. For anyone who is new, it is simple:

# config t
# management-access inside
# wr

Once you have the tunnels properly working with NAT and the crypto tunnels, in the 8.4, allow SSH with the networks you want to access from and then make sure you have management-access inside. This will allow you to ping and manage the firewall via the inside interface from the host VPN tunnel.

Carlos


Poonam Garg
Level 3

Hello Carlos,

This should absolutely work. Check if you have allowed SSH access from the remote network on the ASA 5505 as inside network.

ssh x.x.x.x x.x.x.x inside

where, x.x.x.x - remote network

HTH
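
One way to check a saved running-config for the two settings this thread points to (management-access inside, and an ssh rule on inside that covers the far-side network). This is an added example, not part of the original posts; the sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config for the remote ASA 5505 (addresses are made up).
SAMPLE_CONFIG = """\
hostname asa5505
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.0.0 255.255.0.0 inside
ssh timeout 30
ssh version 2
management-access inside
"""

# "ssh <network> <mask> <interface>"; lines like "ssh timeout 30" do not match.
SSH_RULE = re.compile(r"^ssh\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
MGMT_ACCESS = re.compile(r"^management-access\s+(\S+)\s*$")


def parse_config(text):
    """Return (ssh_rules, mgmt_if); ssh_rules is a list of (network, interface)."""
    ssh_rules, mgmt_if = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SSH_RULE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            ssh_rules.append((net, m.group(3)))
            continue
        m = MGMT_ACCESS.match(line)
        if m:
            mgmt_if = m.group(1)
    return ssh_rules, mgmt_if


def check_tunnel_ssh(text, source_ip, interface="inside"):
    """List what is missing for SSH from source_ip (across the tunnel) to `interface`."""
    ssh_rules, mgmt_if = parse_config(text)
    src = ipaddress.ip_address(source_ip)
    problems = []
    if mgmt_if != interface:
        problems.append(f"'management-access {interface}' is not configured")
    if not any(src in net and ifname == interface for net, ifname in ssh_rules):
        problems.append(f"no 'ssh <network> <mask> {interface}' rule covers {source_ip}")
    return problems
```

An empty list means both settings are present for that source address; it does not verify the tunnel or NAT configuration itself.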