Cisco Support Community

New Member

management-access inside without IPSec

hi community!

i have an ASA with 9.1(1) which is accessed on its inside interface (from outside) via "management-access inside" command. after upgrade to 9.1(3) this stops working.

ADMIN           outside     ASA     inside
                interface   ___     interface
172.16.1.5      10.1.1.1   |___|    192.168.1.1

SSH/ASDM from 172.16.1.5 to 192.168.1.1

there is no IPSec configured, just plain routing. is it a bug in the 9.1(3) version or is it a feature that management-access inside is not working anymore?

thanks and best regards

mario

2 REPLIES
Super Bronze

management-access inside without IPSec

Hi,

To my understanding you should never be able to connect to the ASA interface behind another interface unless a VPN connection and the "management-access" command are involved.

I do remember one other thread where the user said that this was done.

But this is something that should not work so I am not sure why it has worked for you. I wouldn't expect that you can get it working as it is not something that is supposed to be supported. I am not sure what kind of configuration you have used if this has worked in the first place.

Then again, I am wondering why you are not using the external interface directly to connect to the ASA rather than connecting to some other interface? I mean there must be some NAT involved if this device is on the edge of public/private networks?

- Jouni

New Member

management-access inside without IPSec

hi,

thanks for your reply.

behind that firewall there are several other firewalls all connected with each other via one single /24 transit network. the idea was to access all firewalls via their addresses in this transit network (naming conventions...). this was done because it worked with management-access inside at 9.1(1) with no issues.

now i want to find out why it doesn't after upgrading to 9.1(3) with no config change. is the bug in 9.1(1) or in 9.1(3)?

mario
