Why does my ASDM access get cut off when i turn on EasyVPN in client mode on the ASA 5505?
I can access with console, but no longer with ASDM.
Have not tested SSH/Telnet, although im guessing that wont work either.
Why does it get cut off and what can i do to get around this?
The inside interface. Only inside and outside interface are configured.
I used ASDM from a computer in the network connected to the inside interface.
This is also the network shared by NEM/EZVPN....im guessing that could be the problem?
If i use a separate interface for management it should work?
Thanks for the help,
Shouldn't be a problem if you are connecting from the inside, especially if you are running ezvpn in NEM mode.
What version is the ASA 5505?
Its version 8.2., the latest I think.
So just to clarify, inside interface is IP 172.17.0.1 with DHCP pool 172.17.0.0/24
ASDM is from PC with IP in the DHCP pool
Maybe this picture will clear things up again.
The PC using ASDM is in one of the customer LANs. It is connected to the ASA that acts as EasyVPN client with ASDM.
When i enable easyvpn with " vpnclient enable" on the ASA, the ASDM connection no longer functions.
Anyone got any idea?
In the ASDM logging (Through CLI since that keeps working) it says:
ASA-6-106015: Deny TCP (no connection) from 172.17.0.5/4871 to 172.17.0.1/443 flags FIN ACK on interface inside
172.17.0.5 is client, 172.17.0.1 is ASA.
With NEM, you can't have the 2 remote LANs in the same subnet (172.16.0.0/24). HQ will not be able to know where to route the packet destined for 172.16.0.0/24.
Yes it is possible by using ACL's linked to the connection profiles.
Also the network at the HQ side are VM's that get there address from a local address pool on the HQ ASA.
Every ACL (and thus every customer) has its own address pool.
I have that all working.
None of this has anything to do with ASDM though, as the ASDM connection shouldn't even pass through the ASA.