New Member

AnyConnect sessions do not reach the inside interfaces of the ASA

Hello friends,

I have finished the configuration of an AnyConnect profile, and it is working pretty well; I can reach all of my network resources. The only problem is that I cannot ping the inside interface of my ASA, or SSH to my inside interface.

I clearly understand that AnyConnect sessions arrive at the outside interface of the ASA, so I just want to know if it is normal behavior of the ASA that I cannot ping the other interfaces.

Anyway I can reach my ASA through the outside interface, I just want to know if this behavior is normal.

Regards!

2 REPLIES
Super Bronze

Hi,

 

Typically the ASA won't let you access its ports if the connecting host is located behind another interface of the ASA, which is the situation in your case.

 

However, for VPN use ASA has a command that allows connections for management purposes to one interface if the connection is coming through a VPN connection.

 

So for the interface you want to access through VPN you will have to have this command

 

management-access <interface nameif>

 

Naturally the interface IP address has to be part of the VPN configurations. Though if the LAN is directly connected without any routers in between, this should already be true.

 

Let me know if this corrects the problem.

 

Hope this helps :)

 

- Jouni

New Member

Hello Jouni,

Thanks for your answer, and I am sorry for my delay in answering your comment, but it did not correct the problem. The single LAN is directly connected. I would like to disable the SSH access of the outside interface, that is why I am requesting some help.

I have issued the "route-lookup" statement to the NAT rule, and now I am able to ping and manage the inside interface of my ASA through AnyConnect sessions.

Regards!
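
The two settings this thread arrives at, `management-access` and `route-lookup` on the NAT rule, shown together with the SSH restriction the original poster wanted, as an added example (not configuration posted by either participant). The object names, subnets and the existing outside SSH entry are constructed placeholders; it assumes ASA 8.3+ NAT syntax and an interface whose nameif is `inside`.

```cisco
! Constructed example values: inside LAN 192.168.10.0/24, AnyConnect pool 192.168.50.0/24
object network OBJ-INSIDE-LAN
 subnet 192.168.10.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 192.168.50.0 255.255.255.0
!
! Identity NAT (NAT exemption) between the LAN and the VPN pool.
! Without route-lookup the ASA picks the egress interface from the NAT rule itself,
! so a packet addressed to the ASA's own inside IP is forwarded out the inside
! interface instead of being handled as to-the-box traffic. route-lookup makes the
! ASA consult the routing table, which lets management-access work.
nat (inside,outside) source static OBJ-INSIDE-LAN OBJ-INSIDE-LAN destination static OBJ-VPN-POOL OBJ-VPN-POOL no-proxy-arp route-lookup
!
! Allow management traffic (ping, SSH, ASDM) to the inside interface when it
! arrives through a VPN tunnel terminated on another interface.
management-access inside
!
! Permit SSH to the inside interface from the VPN pool and from the LAN.
ssh 192.168.50.0 255.255.255.0 inside
ssh 192.168.10.0 255.255.255.0 inside
!
! Remove SSH from the outside interface. The entry below is an assumed
! permit-any line; negate whatever "show running-config ssh" actually lists.
no ssh 0.0.0.0 0.0.0.0 outside
!
! Verify from the ASA before closing the existing outside session:
!   show running-config management-access
!   show running-config ssh
!   show nat detail
```

Confirm that SSH to the inside address works over an AnyConnect session before removing the outside entry, so that management access is not lost.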
