Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
0
Helpful
7
Replies

ASA 5510 Accessing Inside Interface While using VPN

shawnreis
Level 1
Level 1

‎04-09-2008 06:59 AM - edited ‎02-21-2020 03:39 PM

We need to be able to access the Device via SSH while connected VIA VPN.

I have added it to the management access:

pix(config)#management-access inside

And it says I need to add the correct access. I have SSH added to my ACL on the outside interface coming in and can SSH into servers on the inside.

So do I also need to add ac ACL to the inside Interface to allow this ssh access to the Device?

Thanks

Moe

Labels:
0 Helpful
7 Replies 7

acomiskey
Level 10
Level 10

‎04-09-2008 07:01 AM

No, all you should need is...

management-access inside

ssh inside

0 Helpful

shawnreis
Level 1
Level 1
In response to acomiskey

‎04-09-2008 09:41 AM

I tried that with no luck. Just to make sure, I removed the management access and readded:

ASA(config)# management-access inside-vpn

Please remove the management access before configure a new one

ASA(config)# no management-access inside-vpn

ASA(config)# management-access inside-vpn

I also have the SSH setup:

ASA# show ssh

Timeout: 5 minutes

Versions allowed: 1 and 2

192.168.192.0 255.255.255.0 inside-vpn

xx.xx.32.0 255.255.255.128 inside-vpn

I know the SSH works since I have used it.(while not being connected via VPN) I have also set my IP address to match one in our VPN DHCP range and from there I can SSH into the Device. Just not directly while VPN'd in.

Although while connected to the VPN I can ssh into a server and then into the device. I would rather not have to do that.

Thanks

Moe

0 Helpful

acomiskey
Level 10
Level 10
In response to shawnreis

‎04-09-2008 09:58 AM

If you are split tunneling, make sure the inside interface is part of you split tunnel acl.

0 Helpful

shawnreis
Level 1
Level 1
In response to acomiskey

‎04-09-2008 10:40 AM

When I setup my split tunneling I made a standard ACL and that just says Permit my network. (and is working fine)

Do I need a line just for my Inside interface?

0 Helpful

acomiskey
Level 10
Level 10
In response to shawnreis

‎04-09-2008 10:42 AM

It depends, is inside interface part of "my network"?

0 Helpful

shawnreis
Level 1
Level 1
In response to acomiskey

‎04-09-2008 10:59 AM

Yes it is.

I can SSH into it from anywhere on my network just not while connected to the VPN. I can Telnet to it and ping it while using VPN, just not SSH.

0 Helpful

shawnreis
Level 1
Level 1
In response to shawnreis

‎04-09-2008 11:08 AM

And as always:

Thanks for your help and patience.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents