Below is a config of my ASA 5505. The ASA has a site-2-site tunnel with the corporate. From the coporate, I am able to ping every host behind the ASA 5505 but not the inside address of the ASA. And therefore I am also not able to ssh to the inside address.
ASA Version 7.2(4)
enable password xxx
ip address 172.24.80.1 255.255.255.192
ip address XXX.XXX.XXX.XXX 255.255.255.248
switchport access vlan 2
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit intra-interface
access-list AEM2FJDC extended permit ip 172.24.80.0 255.255.255.192 192.168.254.0 255.255.255.0
access-list AEM2FJDC extended permit ip 172.24.80.0 255.255.255.192 192.168.248.0 255.255.255.0
access-list AEM2FJDC extended permit ip 172.24.80.0 255.255.255.192 172.16.108.0 255.255.255.0
access-list AEM2FJDC extended permit ip 172.24.80.0 255.255.255.192 172.16.110.0 255.255.254.0
access-list AEM2FJDC extended permit ip 172.24.80.0 255.255.255.192 22.214.171.124 255.255.255.0
Generally, you cannot telnet,ping inside Interface from outside, however when you are coming over a VPN tunnel then you may require to telnet/ping/connect to inside interface, therefore management-access command ensures you are able to do so
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...