SSH and ASDM to Pix over VPN Client Connection

cslitb · ‎06-09-2008

How can we setup access to manage the pix (ssh and asdm) over a vpn client connection? We have given access to the pix via ssh and asdm to the VPN sunbet, but cannot access the pix. The commands we entered are below:

ssh 111.111.111.0 255.255.255.0 outside

http 111.111.111.0 255.255.255.0 outside

111.111.111.0 255.255.255.0 is our VPN subnet

Any ideas would be great. Thanks

Farrukh Haroon · ‎06-09-2008

Are you using any split tunneling for the VPN connections, Or perhaps a vpn-filter?

After your VPN is established, what error do you see to get SSH/ASDM working?

Also have a look at the 'management-access' command:

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/m_711.html#wp1631964

Regards

Farrukh

cslitb · ‎06-09-2008

Yes, we are using split tunneling. The subnet for the inside interface of the pix is 192.168.0.0. We can get to other devices on that same subnet (webservers, dns, etc) using the vpn client, but cannot access the pix with SSH or asdm. We have looked at the syslogs, but do not see anything out of the ordinary.

Farrukh Haroon · ‎06-09-2008

Did you try the management-access command?

Regards

Farrukh

cslitb · ‎06-10-2008

Currently we have this in our config:

http server enable

http 111.111.111.0 255.255.255.0 inside (tried both inside & outside)

management-access inside

Farrukh Haroon · ‎06-10-2008

This might be a stupid question, but have you tried ASDM/SSH from the inside (normal LAN users)? just to make sure all is well (Crypto keys, ASDM image etc.)

Regards

Farrukh

cslitb · ‎06-10-2008

Yes we have. We can both SSH and ASDM access to the Pix from the "inside".

cisco-reseller · ‎06-12-2008

does the vpn not come in on the outside interface?

cslitb · ‎06-12-2008

Yes, it does terminate on the outside interface.