Cisco Support Community
ASA RA-VPN to access ASA ASDM

Hi All,

I am seeking some logic, as I am going to configure this scenario soon.

Scenario:

A user connects using the AnyConnect client to the ASA-HQ outside interface.

So the user will be granted an IP from a DHCP IP pool.

My question:

How am I able to access the ASA-HQ ASDM, say with ASDM access enabled on the inside interface? The VPN IP range is inter-routable between ASA-HQ

Eventually, I am facing this problem, actually. Maybe I can get conceptual ideas here.

Thanks,

Noel

2 REPLIES
Community Member

Re: ASA RA-VPN to access ASA ASDM

You will need to do a few things to make it work.

Step 1. Set up the AnyConnect VPN. Take note of the IP ranges that you will assign to AnyConnect users.

Step 2. Set the management interface to inside (or whichever interface you want to be able to connect to from AnyConnect). You can do this using the command, for example:

management-access <interface>
management-access inside

Step 3. Allow ASDM access from users coming in from AnyConnect (using the AnyConnect IP range). For example:

http <ip range assigned to anyconnect users> <subnet mask> <interface used in management-access statement above>

http 10.10.10.0 255.255.255.0 inside

Step 4. Create a NAT exemption from inside to outside (the AnyConnect IP range sources from the outside interface).

nat (inside,outside) source static <host/network object of inside interface> <host/network object of inside interface> destination static <ip range/network of ips used for anyconnect users> <ip range/network of ips used for anyconnect users>

nat (inside,outside) source static inside-network inside-network destination static anyconnect-network anyconnect-network

Assuming that you have the HTTP server enabled and have done the above, you should be able to access ASDM from AnyConnect using the IP address of the inside interface.
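
As an added example, not part of the original reply and not Cisco tooling: a small Python check that a saved running-config contains the steps above and that ASDM access is scoped to the VPN pool rather than to any source. The config excerpt is constructed from the reply's example values; the function name and its parameters are assumptions.

```python
import ipaddress
import re

# Constructed running-config excerpt using the example values from the reply.
SAMPLE_CONFIG = """\
http server enable
http 10.10.10.0 255.255.255.0 inside
management-access inside
nat (inside,outside) source static inside-network inside-network destination static anyconnect-network anyconnect-network
"""

def audit_asdm_over_vpn(config, vpn_pool, mgmt_if, inside_obj, vpn_obj):
    """Return a list of findings; an empty list means every step is present."""
    pool = ipaddress.ip_network(vpn_pool)
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    if "http server enable" not in lines:
        findings.append("http server is not enabled")
    if f"management-access {mgmt_if}" not in lines:
        findings.append(f"management-access is not set to {mgmt_if}")

    # Step 3: the ASDM allow-list must cover the VPN pool; flag an allow-any entry.
    covered = False
    for line in lines:
        m = re.fullmatch(r"http (\d[\d.]*) (\d[\d.]*) (\S+)", line)
        if not m or m.group(3) != mgmt_if:
            continue
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if net.prefixlen == 0:
            findings.append(f"http permits any source on {mgmt_if}")
        covered = covered or pool.subnet_of(net)
    if not covered:
        findings.append(f"http does not permit {pool} on {mgmt_if}")

    # Step 4: identity NAT between the inside object and the VPN pool object.
    a, b = re.escape(inside_obj), re.escape(vpn_obj)
    nat_re = re.compile(rf"nat \({re.escape(mgmt_if)}, ?\S+\) source static {a} {a} "
                        rf"destination static {b} {b}(\s|$)")
    if not any(nat_re.match(line) for line in lines):
        findings.append("no NAT exemption from inside to the VPN pool")
    return findings

if __name__ == "__main__":
    print(audit_asdm_over_vpn(SAMPLE_CONFIG, "10.10.10.0/24", "inside",
                              "inside-network", "anyconnect-network") or "all steps present")
```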
