Cisco Support Community
New Member

Cannot Telnet to ASA in VPN tunnel.

Once I am in VPN tunnel, I can't Ping or Telnet to the ASA using Inside interface IP.

Below is the partial configuration:

telnet 10.17.70.0 255.255.255.0 Outside
telnet 172.17.0.0 255.255.0.0 Inside
telnet timeout 10
ssh 172.17.0.0 255.255.0.0 Inside
ssh timeout 60
ssh version 1
console timeout 0
management-access Inside

11 REPLIES

Re: Cannot Telnet to ASA in VPN tunnel.

Do you have AAA server group LOCAL configured? If so, add this statement.

aaa authentication telnet console LOCAL

Make sure you do not have any icmp deny ACL towards the inside interface in your config; for example, icmp deny any inside will block pings on the inside interface. Check that.

Once you VPN in, try telnet to the ASA; if not successful, please post a sanitized config.

HTH

Rgds

Jorge

New Member

Re: Cannot Telnet to ASA in VPN tunnel.

Below is the attached config. We checked your recommendation; it didn't help us.

Thanks

Re: Cannot Telnet to ASA in VPN tunnel.

Sorry for the late reply.

Your RA VPN network is considered inside, not outside; you will not be able to telnet or ICMP to the ASA inside while in VPN while this statement points to the outside interface. Please correct this and post your results.

remove this statement

no telnet 10.17.70.0 255.255.255.0 Outside

and replace it with

telnet 10.17.70.0 255.255.255.0 inside

Jorge

Re: Cannot Telnet to ASA in VPN tunnel.

Murali, any update on your issue?

Rgds

Jorge

New Member

Re: Cannot Telnet to ASA in VPN tunnel.

No. Didn't work... Any other suggestions?

Murali

Re: Cannot Telnet to ASA in VPN tunnel.

What do your logs indicate when you try ICMP or telnet to the inside interface while in VPN? Can you post the ASA log output?

New Member

Re: Cannot Telnet to ASA in VPN tunnel.

The log file does not have any info on ICMP; we have also tried "debug icmp", still no sign of ICMP packets. Besides the issue with Telnet, we can't get to websites that are on our business partner "lacounty" interface.

Re: Cannot Telnet to ASA in VPN tunnel.

Are the websites under the 192.168.1.0 network? If so, can you reach the 0.0.0.1 next hop router from the ASA? When you say you cannot reach websites via the lacounty interface, is it through VPN or anyone behind the ASA?

New Member

Re: Cannot Telnet to ASA in VPN tunnel.

The unreachable websites are in 10.2.0.0 which resides beyond "lacounty" interface and we have this problem only when we're in VPN.

New Member

Re: Cannot Telnet to ASA in VPN tunnel.

Jorge,

We found 2 issues with the config that prevented us from Telnetting to the ASA.

1- Typo on nonatdmz access-list, should have been 10.17.70.0 instead of 10.16.70.0

2- Split-tunnel access-list did not include 10.0.0.2 "Inside" interface

Your help is greatly appreciated,
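An added example, not part of the original post or the poster's attached config: a small Python audit that checks an ASA config for the three conditions raised in this thread (telnet/ssh admitting the VPN pool on the management-access interface, the NAT exemption ACL covering the pool, and the split-tunnel ACL covering the inside interface IP). The sample config, the ACL name "splittunnel", the ACL line layout and the 10.0.0.0/24 inside subnet are constructed assumptions.

```python
import ipaddress

def net(addr, mask):
    """Build a network from an ASA 'address mask' pair."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, pool, mgmt_ip, nonat_acl, split_acl):
    """Return findings that stop VPN-pool clients from managing the ASA."""
    pool, mgmt_ip = ipaddress.ip_network(pool), ipaddress.ip_address(mgmt_ip)
    mgmt_if, admitted, nonat_ok, split_ok = None, set(), False, False
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["management-access"] and len(t) == 2:
            mgmt_if = t[1].lower()
        elif t[:1] in (["telnet"], ["ssh"]) and len(t) == 4 and t[1][0].isdigit():
            # telnet/ssh <net> <mask> <interface>: which interfaces admit the pool
            if pool.subnet_of(net(t[1], t[2])):
                admitted.add(t[3].lower())
        elif t[:5] == ["access-list", nonat_acl, "extended", "permit", "ip"] and len(t) == 9:
            # NAT exemption: destination pair (assumed last) must cover the pool
            nonat_ok |= pool.subnet_of(net(t[7], t[8]))
        elif t[:4] == ["access-list", split_acl, "standard", "permit"] and len(t) == 6:
            # split tunnel: must route the management address into the tunnel
            split_ok |= mgmt_ip in net(t[4], t[5])
    findings = []
    if mgmt_if is None:
        findings.append("no management-access interface configured")
    elif mgmt_if not in admitted:
        findings.append(f"telnet/ssh does not admit {pool} on {mgmt_if}")
    if not nonat_ok:
        findings.append(f"{nonat_acl}: no entry with destination covering {pool}")
    if not split_ok:
        findings.append(f"{split_acl}: {mgmt_ip} is not in the split tunnel")
    return findings

# Constructed sample, not the poster's attached config; ACL lines are assumptions.
BROKEN = """\
telnet 10.17.70.0 255.255.255.0 Outside
telnet 172.17.0.0 255.255.0.0 Inside
telnet timeout 10
management-access Inside
access-list nonatdmz extended permit ip 172.17.0.0 255.255.0.0 10.16.70.0 255.255.255.0
access-list splittunnel standard permit 172.17.0.0 255.255.0.0
"""
FIXED = (BROKEN.replace("Outside", "Inside").replace("10.16.70.0", "10.17.70.0")
         + "access-list splittunnel standard permit 10.0.0.0 255.255.255.0\n")

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit(cfg, "10.17.70.0/24", "10.0.0.2", "nonatdmz", "splittunnel"))
```
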

Re: Cannot Telnet to ASA in VPN tunnel.

So you guys are all set then. Did you make the corrections on the ACLs? Can you post the updated config?
