Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Management/NAT Problem

Hi All,

I appear to have a NAT problem with ASA build 7.2(3). I cannot SSH or SSL (with CSM) through the inside interface to the outside interface i.e. I want to manage the device on its external interface. I want to manage the device on its external interface as I have a second CSM server at a remote site. I receive the following errors when I SSH from an internal host to the external interface:

%ASA-6-302013: Built inbound TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 (x.x.x.x/3265) to NP Identity Ifc:y.y.y.y/22 (y.y.y.y/22)

%ASA-6-302014: Teardown TCP connection 14343 for MANAGEMENT:x.x.x.x/3265 to NP Identity Ifc:y.y.y.y/22 duration 0:00:00 bytes 0 TCP Reset-I

Both the external and internal interface are logical interfaces on the same physical. Could this be the problem?

Thanks,

Paul

2 REPLIES
Gold

Re: ASA Management/NAT Problem

do you have "management-access outside" configured?

why don't you post your config.

New Member

Re: ASA Management/NAT Problem

Hi,

Thanks for the tip, however, I still cannot connect. When I try to establish a SSL connection from the remote CSM server to the internal interface of the local ASA I get a anti spoof error:

Deny IP spoof from (x.x.x.x) to y.y.y.y on interface TRANSIT

And, when I try to establish a SSL or SSH from the local CSM server to the external interface of the local ASA. I get the NP Indentity error previously posted.

I can't post the configs because its a clients network i.e. I don't have permission.

Thanks,

Paul

140
Views
0
Helpful
2
Replies