Cisco Support Community
New Member

ASA 8.0(3) management over VPN

I upgraded two PIX 525s from 7.2(1) to 8.0(3) and I can no longer manage them across the VPN tunnels. What changed concerning management between 7.2 and 8.0? I can manage them fine as long as I'm on a machine that is behind the inside interface. All the normal management statements are in place, but no luck from across the tunnel.

11 REPLIES

Re: ASA 8.0(3) management over VPN

If it isn't already configured, try adding this command and test.

management-access inside

New Member

Re: ASA 8.0(3) management over VPN

Already there.

Re: ASA 8.0(3) management over VPN

Are you using SSH or telnet?

New Member

Re: ASA 8.0(3) management over VPN

SSH and ASDM no longer work from across the tunnel.

Re: ASA 8.0(3) management over VPN

Can you ping the inside interface of the ASA over the VPN tunnel? If you can't, there may be an issue with the split tunnel ACL. Can you post a sanitized copy of the ASA configuration?

New Member

Re: ASA 8.0(3) management over VPN

No, I just noticed that I can't ping the inside interface anymore. This is a Site-to-Site tunnel and those ACLs haven't changed that I can see.

Re: ASA 8.0(3) management over VPN

Is the inside interface part of the crypto ACL? Can you ping other hosts on the same subnet across the VPN tunnel?

New Member

Re: ASA 8.0(3) management over VPN

The inside interface is part of the ACL, and no, I can no longer ping any host on that subnet across the tunnel.

New Member

Re: ASA 8.0(3) management over VPN

3 Apr 17 2008 12:55:08 713902 Group = x.x.x.x, IP = x.x.x.x, QM FSM error (P2 struct &0x4c6cfb8, mess id 0xbe6589f2)!

3 Apr 17 2008 12:55:08 713227 IP = x.x.x.x, Rejecting new IPSec SA negotiation for peer x.x.x.x. A negotiation was already in progress for local Proxy 172.x.x.0/255.255.255.248, remote Proxy 10.x.x.0/255.255.255.0

Above are debugs from remote PIX.

Re: ASA 8.0(3) management over VPN

I haven't seen this error message before. Can you do this?

clear crypto isakmp sa

clear crypto ipsec sa

New Member

Re: ASA 8.0(3) management over VPN

Hi,

I have a similar problem. We have an ASA 5520. After the upgrade to 8.0(3) we are not able to manage the device using ASDM (across Remote Access VPN). SSH and ping work. Any success solving this problem?
