Cisco Support Community

Cisco ASA Remote Management ASDM via Site-to-Site VPN with NAT

Hello,

I am looking for some advice on how to configure remote management of ASAs via a site-to-site VPN tunnel. Typically, this would be accomplished by setting the Management Access Interface to "inside" and specifying the networks permitted to manage the ASA via ASDM/HTTPS, Telnet, and SSH.

However, with a site-to-site VPN when the remote end is using a Static Policy NAT, this does not work on 8.2 code.

Here is a sample:

  • Main Site ASA: 10.1.15.1
  • Remote Site ASA: 192.168.1.1
  • Remote Site (192.168.1.0/24) ---> Static Policy NAT (10.1.16.0/24) ---> Site-to-Site VPN ---> Main Site (10.1.15.0/24)

With the Static Policy NAT, remote management should be possible from Main Site (10.1.15.0/24) using 10.1.16.1. I can ping other devices on this subnet. The ASA does not respond to ping. Management Interface at Remote Site is set to "inside" and the allowed management networks are configured.

Thanks in advance for any thoughts.
