09-23-2014 01:46 PM - edited 02-21-2020 07:50 PM
Hello friends,
I have finished the configuration of an AnyConnect profile, and it is working pretty well; I can reach all my network resources. The only problem is that I cannot ping the inside interface of my ASA, or SSH to my inside interface.
I clearly understand that AnyConnect sessions arrive at the outside interface of the ASA, so I just want to know if it is normal behavior for the ASA that I cannot ping the other interfaces.
Anyway I can reach my ASA through the outside interface, I just want to know if this behavior is normal.
Regards!
09-25-2014 01:00 AM
Hi,
Typically the ASA won't let you access its ports if the connecting host is located behind another interface of the ASA, which is the situation in your case.
However, for VPN use ASA has a command that allows connections for management purposes to one interface if the connection is coming through a VPN connection.
So for the interface you want to access through VPN you will have to have this command
management-access <interface nameif>
Naturally the interface IP address has to be part of the VPN configurations. Though if the LAN is directly connected without any routers in between, this should already be true.
Let me know if this corrects the problem.
Hope this helps :)
- Jouni
09-26-2014 09:32 PM
Hello Jouni,
Thanks for your answer, and I am sorry for my delay in answering your comment, but it did not correct the problem. The single LAN is directly connected. I would like to disable the SSH access of the outside interface, that is why I am requesting some help.
I have issued the "route-lookup" statement to the nat rule, and now I am able to ping and manage the inside interface of my ASA through anyconnect sessions.
Regards!
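An added example, not part of the original thread and not Cisco tooling: a small Python check over an ASA running-config excerpt for the conditions this thread ends on (management-access on the inside interface, route-lookup on the identity NAT rule toward the VPN pool, SSH permitted from the pool on inside and no longer on outside). The config text, object names and addresses are constructed placeholders.

```python
import ipaddress
import re

# Constructed running-config excerpt; object names and addresses are placeholders.
SAMPLE_CONFIG = """\
object network VPN-POOL
 subnet 192.168.50.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL no-proxy-arp
management-access inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
"""

SSH_RE = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit(config, pool, mgmt_if="inside", vpn_object="VPN-POOL", public_if="outside"):
    """Return findings that block or weaken VPN-only management of mgmt_if."""
    lines = [line.strip() for line in config.splitlines()]
    pool_net = ipaddress.ip_network(pool)
    findings = []
    if f"management-access {mgmt_if}" not in lines:
        findings.append(f"management-access {mgmt_if} is not configured")
    # Identity NAT toward the VPN pool: the thread's fix was adding route-lookup.
    for line in lines:
        words = line.split()
        if (line.startswith(f"nat ({mgmt_if},") and vpn_object in words
                and "route-lookup" not in words):
            findings.append(f"NAT rule toward {vpn_object} lacks route-lookup")
    pool_allowed = False
    for line in lines:
        m = SSH_RE.match(line)
        if not m:
            continue  # skips "ssh timeout", "ssh version" and similar
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        if m.group(3) == public_if:
            findings.append(f"SSH still permitted on {public_if} from {net}")
        elif m.group(3) == mgmt_if and pool_net.subnet_of(net):
            pool_allowed = True
    if not pool_allowed:
        findings.append(f"no ssh rule on {mgmt_if} permits the VPN pool {pool_net}")
    return findings

# The same excerpt with the three findings corrected.
FIXED_CONFIG = (SAMPLE_CONFIG
    .replace("no-proxy-arp", "no-proxy-arp route-lookup")
    .replace("ssh 0.0.0.0 0.0.0.0 outside\n", "")
    .replace("ssh 192.168.10.0 255.255.255.0 inside",
             "ssh 192.168.50.0 255.255.255.0 inside"))
```

Calling `audit(SAMPLE_CONFIG, "192.168.50.0/24")` returns three findings, while the same call on `FIXED_CONFIG` returns an empty list.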