Cisco Support Community
New Member

ASA 5510 Accessing Inside Interface While using VPN

We need to be able to access the device via SSH while connected via VPN.

I have added it to the management access:

pix(config)#management-access inside

And it says I need to add the correct access. I have SSH added to my ACL on the outside interface coming in and can SSH into servers on the inside.

So do I also need to add an ACL to the inside interface to allow this SSH access to the device?

Thanks

Moe

Green

Re: ASA 5510 Accessing Inside Interface While using VPN

No, all you should need is...

management-access inside

ssh inside

New Member

Re: ASA 5510 Accessing Inside Interface While using VPN

I tried that with no luck. Just to make sure, I removed the management access and re-added it:

ASA(config)# management-access inside-vpn

Please remove the management access before configure a new one

ASA(config)# no management-access inside-vpn

ASA(config)# management-access inside-vpn

I also have the SSH set up:

ASA# show ssh

Timeout: 5 minutes

Versions allowed: 1 and 2

192.168.192.0 255.255.255.0 inside-vpn

xx.xx.32.0 255.255.255.128 inside-vpn

I know the SSH works since I have used it (while not being connected via VPN). I have also set my IP address to match one in our VPN DHCP range and from there I can SSH into the device. Just not directly while VPN'd in.

Although while connected to the VPN I can SSH into a server and then into the device. I would rather not have to do that.

Thanks

Moe

Green

Re: ASA 5510 Accessing Inside Interface While using VPN

If you are split tunneling, make sure the inside interface is part of your split tunnel ACL.

New Member

Re: ASA 5510 Accessing Inside Interface While using VPN

When I set up my split tunneling I made a standard ACL and that just says permit my network (and is working fine).

Do I need a line just for my inside interface?

Green

Re: ASA 5510 Accessing Inside Interface While using VPN

It depends, is inside interface part of "my network"?

New Member

Re: ASA 5510 Accessing Inside Interface While using VPN

Yes it is.

I can SSH into it from anywhere on my network, just not while connected to the VPN. I can Telnet to it and ping it while using VPN, just not SSH.

New Member

Re: ASA 5510 Accessing Inside Interface While using VPN

And as always:

Thanks for your help and patience.
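Added example, not part of any post in this thread: a small Python audit of the three settings the replies walk through (the `management-access` interface, the `ssh` allow list on that interface, and the standard split-tunnel ACL). The config text, the ACL name `SPLIT-TUNNEL`, and every address other than 192.168.192.0/24 are constructed assumptions.

```python
import ipaddress

# Constructed sample config; the ACL name and the 10.20.32.0 network are assumptions.
SAMPLE_CONFIG = """\
management-access inside-vpn
ssh timeout 5
ssh 192.168.192.0 255.255.255.0 inside-vpn
ssh 10.20.32.0 255.255.255.128 inside-vpn
access-list SPLIT-TUNNEL standard permit 10.20.32.0 255.255.255.128
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Collect the settings discussed in the thread from ASA-style config lines."""
    state = {"mgmt_if": None, "ssh": [], "split": {}}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "management-access":
            state["mgmt_if"] = tok[1]
        elif len(tok) == 4 and tok[0] == "ssh" and tok[1][0].isdigit():
            # ssh <network> <mask> <interface>; skips "ssh timeout", "ssh version"
            state["ssh"].append((_net(tok[1], tok[2]), tok[3]))
        elif len(tok) == 6 and tok[0] == "access-list" and tok[2:4] == ["standard", "permit"]:
            net = (_net(tok[5], "255.255.255.255") if tok[4] == "host"
                   else _net(tok[4], tok[5]))
            state["split"].setdefault(tok[1], []).append(net)
    return state

def check(config, client_ip, inside_ip, split_acl):
    """Return a list of problems for SSH from a VPN client to the inside interface."""
    s = parse(config)
    client = ipaddress.ip_address(client_ip)   # address the VPN pool hands out
    inside = ipaddress.ip_address(inside_ip)   # ASA inside interface address
    problems = []
    if s["mgmt_if"] is None:
        problems.append("no management-access interface configured")
    # The client source address must be allowed by an ssh line on that interface.
    if not any(client in net and ifn == s["mgmt_if"] for net, ifn in s["ssh"]):
        problems.append(f"ssh does not permit {client} on {s['mgmt_if']}")
    # With split tunneling, the interface address must be in the tunneled networks.
    if not any(inside in net for net in s["split"].get(split_acl, [])):
        problems.append(f"{split_acl} does not cover interface address {inside}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_CONFIG, "192.168.192.50", "10.20.32.1", "SPLIT-TUNNEL"))
```

An empty list means all three settings line up for that client address; it does not rule out other causes outside these three lines of configuration.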
