Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

HI,

I want to access my remote(spoke) ASA (ASDM) in my hub location..do not want to access via public IP from outside.

what configuration should be done on the spoke ASA..

                                               VPN Tunnel               SPOKE

      inside            HUB|=======================[ASA] inside 192.168.2.0/24

  192.168.1.0/24   ASA|

                                 |=======================[ASA] inside 192.168.3.0/24

                                            VPN Tunnel

2 ACCEPTED SOLUTIONS

Accepted Solutions
Super Bronze

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Hi,

Provided that management connections are coming from a source address that is already configured on the L2L VPN and naturally that the destination address (Hub ASA interface IP) is also part of the current L2L VPN then you would essentially only need to add

management-access

Which would allow management connections through the L2L VPN to this internal interface

You would also need the appropriate statement to allow the ASDM management

http inside

I think you needed to use the "inside" at the end. Can't remember. Try "outside" if that doesnt work.

Naturally if you have any kind of VPN Filter ACLs or if you are preventing the default operation of VPN traffic bypassing external interface ACL then you will also have to allow the traffic.

Hope this helps

- Jouni

Super Bronze

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Hi,

Did you get it working?

Please do remember to mark a reply as the correct answer if it answered your question.

Or did you have the chance to test it out yet?

- Jouni

4 REPLIES
Super Bronze

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Hi,

Provided that management connections are coming from a source address that is already configured on the L2L VPN and naturally that the destination address (Hub ASA interface IP) is also part of the current L2L VPN then you would essentially only need to add

management-access

Which would allow management connections through the L2L VPN to this internal interface

You would also need the appropriate statement to allow the ASDM management

http inside

I think you needed to use the "inside" at the end. Can't remember. Try "outside" if that doesnt work.

Naturally if you have any kind of VPN Filter ACLs or if you are preventing the default operation of VPN traffic bypassing external interface ACL then you will also have to allow the traffic.

Hope this helps

- Jouni

New Member

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Thank you...Jouni

Super Bronze

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Hi,

Did you get it working?

Please do remember to mark a reply as the correct answer if it answered your question.

Or did you have the chance to test it out yet?

- Jouni

New Member

Access Remote ASA usnig ASDM from HUB via Site to Site VPN...

Hi Jouni,

i have tested it on remoteaccess vpn and it is working fine. now only on site to site vpn i need to check.

suhas

402
Views
0
Helpful
4
Replies
CreatePlease to create content