Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
0
Helpful
1
Replies

Can't SSH into ASA after configuring EZVPN and not specifying "split-tunnel-policy tunnelspecified"

Go to solution
baskervi
Level 1
Level 1

‎06-19-2012 01:07 PM

Even after specifying "split-tunnel-policy tunnelspecified" with "split-tunnel-network-list value SPLIT-TUNNEL" and denying all traffic to/from the public IP of the ASA, I'm still not able to SSH into the firewall. Everything else appears to be working OK, but I need to be able to manage the ASA from the public interface. Actually, I kind of expect this given the say an sa is setup for the tunnel, and it would seem that a deny statement would be ignored, but maybe there is a way around this. Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎06-19-2012 11:06 PM

If you want to connect to your inside IP through the tunnel, you need to specify "management access inside":

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1064497

regards, Karsten

Sent from Cisco Technical Support iPad App

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎06-19-2012 11:06 PM

If you want to connect to your inside IP through the tunnel, you need to specify "management access inside":

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1064497

regards, Karsten

Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents