
ASA Management Across Site to Site VPN

Hello,

I have an ASA5505 and an ASA5510 successfully set up and running a site-to-site VPN. I can manage (SSH and ASDM) the local ASA without any problems. I'm unsuccessful when trying to manage the remote ASA.

- Should I be connecting to the outside interface or the inside interface on the remote ASA?

- Do I need ACLs to allow the traffic (I've tried and have been unsuccessful)?

Attached you'll find a network diagram for easier analysis.

I'd post the ASA configs but I'm not sure what would be relevant. Any help is much appreciated.

Matt

Accepted Solutions

Re: ASA Management Across Site to Site VPN

If you are wanting to get access to ssh, try adding your remote IP addresses (the ones that connect to the VPN) to ssh:

Let's say your inside interface on the ASA is 10.0.0.1:

ssh 10.0.0.0 255.255.255.0 inside

If your remote site is 10.50.0.0/24 then add:

ssh 10.50.0.0 255.255.255.0 inside

Let me know if this works :-)

HTH,

John

HTH, John *** Please rate all useful posts ***

Re: ASA Management Across Site to Site VPN

In addition to John's post.

For managing the ASA over an IPsec tunnel you also need management-access

where name_if is whichever management interface you define in your fw.

For example, a typical scenario:

asa(config)#management-access inside

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1064497

Rgds

Jorge
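Added example, not part of the original thread or Cisco's own tooling: a small Python check that reads a saved running-config and reports what would still block managing the ASA from an address at the other end of the tunnel, combining the two answers above (an `ssh` permit for the remote subnet plus `management-access`). The sample config is constructed from the thread's example addresses; the `http <net> <mask> <interface>` line is the ASDM counterpart of the `ssh` permit and is an assumption beyond what the answers show, as are the function names.

```python
import ipaddress
import re

# Constructed sample running-config for the ASA being managed (addresses follow the thread's examples).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.0.0.1 255.255.255.0
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.50.0.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.0 inside
management-access inside
"""

# "ssh|http <network> <mask> <interface>" permits and the management-access line.
PERMIT_RE = re.compile(r"^(ssh|http)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")
MGMT_RE = re.compile(r"^management-access\s+(\S+)\s*$")

def parse(config):
    """Return (permits, mgmt_if); permits is a list of (service, network, interface)."""
    permits, mgmt_if = [], None
    for line in config.splitlines():
        m = PERMIT_RE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            permits.append((m.group(1), net, m.group(4)))
            continue
        m = MGMT_RE.match(line)
        if m:
            mgmt_if = m.group(1)
    return permits, mgmt_if

def check_tunnel_mgmt(config, source_ip, interface="inside"):
    """List what blocks managing `interface` from source_ip across the tunnel."""
    permits, mgmt_if = parse(config)
    src = ipaddress.ip_address(source_ip)
    findings = []
    if mgmt_if != interface:
        findings.append(f"management-access {interface} is not configured")
    for service in ("ssh", "http"):
        nets = [n for s, n, i in permits if s == service and i == interface]
        if not any(src in n for n in nets):
            findings.append(f"no '{service}' permit on {interface} covers {source_ip}")
        for n in nets:
            if n.prefixlen == 0:  # 0.0.0.0 0.0.0.0 exposes management to every source
                findings.append(f"'{service}' on {interface} is open to any source")
    return findings
```

With the sample config, an admin at 10.50.0.10 passes the SSH checks but ASDM is still reported as blocked, because only the local subnet has an `http` permit.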

Re: ASA Management Across Site to Site VPN

That was it. THANKS FOR THE HELP.

Matt
