Unable to access ASA over VPN

gginty · ‎05-21-2010

We have a ASA 5520 running

Cisco Adaptive Security Appliance Software Version 8.2(2)

We have a split tunnel using IPSEC to access our internal network. The access list for the tech group is pretty simple:

access-list xxxx extended permit ip 10.0.0.0 255.0.0.0 10.100.10.0 255.255.255.0
access-list xxxx extended permit ip 192.168.0.0 255.255.0.0 10.100.10.0 255.255.255.0
access-list xxxx extended permit ip 172.16.0.0 255.240.0.0 10.100.10.0 255.255.255.0

This gives us access to all our internal network servers etc

The internal address for the ASA is on the 192.168.0.0. We can get to everything on this network except the ASA. Both SSH and CiscoASDM fails.

I would have thought that since since the ASA is covered by the 192.168.0.0 and thus be able to gain access??

Olivier Jessel · ‎05-21-2010

Hi,

Have you configured ssh/asdm access for this IP source 10.100.10.0/24 ?

dont forget the packet is coming from the outside interface. (or another one, depends of your network)

I don't remember if I configured it... If I have some time I will test it.

++

Olivier

CCIE #44658

gginty · ‎05-21-2010

Thanks

We got the SSH to work, but still having problems connecting via ASDM

Federico Coto Fajardo · ‎05-21-2010

Ok, if you're connecting via SSH that means you have the command: management-access inside

that allows remote connectivity to the inside interface from a VPN tunnel.

Seems you're still having problems connecting via ASDM?

Question

Are you attempting to connect to the inside IP address through the tunnel and bring up ASDM? If so do you have the pool of VPN addresses allowed in the http access?

Federico.