When we try to ASDM to inside (has correct rules), we see this:
%ASA-6-302013: Built inbound TCP connection 1751992 for outside:10.x.0.104/9046 (10.x.0.104/9046) to identity:10.x.2.1/443 (10.x.2.1/443)
Then it just times out. Browsing to https://10.x.2.1 <- fails, Page Cannot be Displayed
Now we're using the Bridge-Group (BV1) as we need multiple switchports. So when we use Management-Access we choose the BV group name (inside). This allows ICMP to Inside IP no problem, but ASDM still fails. I watch logs and I see the connection coming in, but nothing after.
If I change 'management-access inside' to 'management-access inside_1' we get %ASA-6-110002: Failed to locate egress interface for TCP from outside:10.x.0.104/8673 to 10.x.2.1/443 and ICMP stops. So it's safe to assume the interface needs to be the BV group (Inside).
Now the ONLY way we have been able to do ASDM is to do the following:
no http server enable
http server enable 8081
We can now connect to the OUTSIDE IP on Port 8081 and manage via ASDM. However, Inside still does not work.
When you have "management-access inside" set, what is your http config? You also have to add "http 10.x.0.0 255.255.255.0 inside" to allow you to manage the ASDM from that source ip address range. Since you are able to ping the ASA#2 inside interface, reachability between your PC and ASA#2 seems to be correct. So in your case, the config should look like:
management-access inside
http server enable
http 10.x.0.0 255.255.255.0 inside
Same problem. It seems that the Bridge Group functionality is some kind of hack which is not carefully integrated with established functionality. And that some configurations must be replicated for each physical interface in the bridge group is very ugly. The ASA5506 is causing me issues from the very first moment, where the good old ASA5505, besides the 100mbit limitation, is doing a good job. It is frustrating.