i am replacing our venerable vpn 3015 with an asa5510. i seem to have basic vpn connectivity (vpn client v4.7) but i'm used to connecting to the private net side to administer the devices. as of now, if i attempt a telnet or asdm connection to the private interface, i get no response. is this by design? is there a way around this? (vpn tunnel was configured using asdm wizard) the one thing i THINK i'm missing is the vpn30xx series had a tunnel default gateway. there doesn't seem to be a replacement in asdm. i had thought to use "route inside 0 0 192.168.x.1 tunneled" to replace this but maybe there is more i'm missing?
ok, fixed my flow problem (note to self: DON'T delete the nat exempt statement just 'cause you don't understand it). now i'm back to my original problem: i can't telnet to the inside interface from the tunnel.
another thought based on how i messed myself up to start with: when my 3002's get connected, are their address spaces going to need to be exempted from nat also? (i currently have a nat 0 0 interface)
Have you tried the management-access command? It will allow you to connect to the inside interface once you are connected with the VPN client. You have to specify an interface such as inside. You will also need to set up the telnet command to allow the IP range to get to the ASA.
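
The configuration the reply above describes, as an added example that is not part of the original thread. The 10.10.10.0/24 network is an assumed VPN client address pool; substitute the pool your tunnel group actually hands out.

```cisco
! Constructed example: 10.10.10.0/24 stands in for the VPN client pool.
!
! Let management sessions that arrive through the tunnel terminate on the
! inside interface. Only one interface can be the management-access interface.
management-access inside
!
! Allow list for telnet to the ASA: VPN pool addresses, reaching "inside".
telnet 10.10.10.0 255.255.255.0 inside
!
! ASDM rides on the HTTPS server, which keeps its own allow list.
http server enable
http 10.10.10.0 255.255.255.0 inside
!
! SSH takes the same form if you prefer it to telnet for CLI access.
ssh 10.10.10.0 255.255.255.0 inside
```

Keep each allow list scoped to the VPN pool rather than the whole inside network so that only tunneled administrators reach the management services this way.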