New Member

ASA 5505 intervlan ASDM/SSH Access

Hello,

I am running into an issue that I cannot seem to figure out. I have an ASA 5505 with the Security Plus license. I set up a native VLAN on which all of my network devices sit, i.e. my wireless access point has an IP of 192.168.3.2, my switch .3. I have no issues managing these devices from any VLAN I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH, I have to use the gateway of the VLAN I am on. For instance, if I am on VLAN 10 I have to use 192.168.10.1 for access, if I am on VLAN 20 I type 20.1...etc...etc. If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the VLAN that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

ASA 5505 intervlan ASDM/SSH Access

Yes, that is how the ASA works. You can only manage the ASA on the interface where you are connected from, not crossing the interface, with one exception: if you are trying to manage the ASA via VPN tunnel, then you can manage 1 cross interface.

Cisco Employee

Re: ASA 5505 intervlan ASDM/SSH Access

The management-only command just tells the ASA to pass all the "to the box" traffic, which is typically ssh, telnet, http, to the ASA. It's not going to alter the behaviour of the ASA and permit management from any VLAN.

But like Jennifer said, you can manage that same interface designated as management-only through the vpn.

The command for the same is "management-access "

Command reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2027985

3 REPLIES
New Member

Re: ASA 5505 intervlan ASDM/SSH Access

So this is by design? If I set up an interface for management only and patch it into my switch, would I then be able to manage the ASA from any VLAN?

Sent from Cisco Technical Support iPhone App
