Cisco ASA Remote Management ASDM via Site-to-Site VPN with NAT
I am looking for some advice on how to configure remote management of ASAs via a site-to-site VPN tunnel. Typically, this would be accomplished by setting the Management Access Interface to "inside" and specifying the networks permitted to manage the ASA via ASDM/HTTPS, Telnet, and SSH.
However, with a site-to-site VPN when the remote end is using a Static Policy NAT, this does not work on 8.2 code.
Here is a sample:
Main Site ASA: 10.1.15.1
Remote Site ASA: 192.168.1.1
Remote Site (192.168.1.0/24) ---> Static Policy NAT (10.1.16.0/24) ---> Site-to-Site VPN ---> Main Site (10.1.15.0/24)
With the Static Policy NAT, remote management should be possible from Main Site (10.1.15.0/24) using 10.1.16.1. I can ping other devices on this subnet. The ASA does not respond to ping. Management Interface at Remote Site is set to "inside" and the allowed management networks are configured.