Velocity Reviews - Computer Hardware Reviews

Cisco ASA, VPN and firewall management

 
 
Bernd Nies
      03-22-2007
Hi,

We have a Cisco ASA 5510 and a 5520 and a site-to-site VPN between
them to connect two company networks. The inside interface is
configured as the management interface. I can connect via ssh/https
to the inside interface when I come from the local network but not when I
come through the VPN tunnel.

How can one configure the ASA to allow management access through VPN?
I don't want to bind it to the outside interface because then
everybody from the Internet can access the firewall.

Using the separate management port for this does not work for us
because
- the Allied Telesyn Switch on the other side cannot do VLAN routing
- the ASDM forbids adding two routes to the same subnet on two
interfaces to two separate gateways.
- the ASDM does not allow the inside and management interface to be
on the same subnet.

Thanks in advance for help.

Regards,
Bernd

 
mcaissie
      03-22-2007

"Bernd Nies" wrote in message:

> How can one configure the ASA to allow management access through VPN?

By adding the command

management-access inside


 
Bernd Nies
      03-23-2007
Hi,

> By adding the command
>
> management-access inside


Thanks. I already had that option - just forgot to add the interface
network to the network object group on the remote side.

Bye,
Bernd
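
The two pieces the thread ends up with, shown together as an added example (not configuration posted by either participant): management-access on the managed ASA, plus the inside interface's network listed in the crypto ACL object group on both peers. All addresses, the interface name, and the object-group, ACL and crypto map names are assumptions; the rest of the existing site-to-site tunnel configuration is assumed to be in place.

```cisco
! Added example, not from the thread. Addresses and names are constructed.
! ===== Site B ASA: the firewall being managed =====
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0
!
! Allow management sessions that arrive through the tunnel to terminate
! on the inside interface (the command given in the thread).
management-access inside
!
! Accept SSH and HTTPS/ASDM on inside only from the Site A admin LAN.
ssh 10.1.0.0 255.255.255.0 inside
http server enable
http 10.1.0.0 255.255.255.0 inside
!
! Local side of the crypto ACL includes the inside interface's own network.
object-group network SITE-B-NETS
 network-object 10.2.0.0 255.255.255.0
 network-object 10.2.10.0 255.255.255.0
object-group network SITE-A-NETS
 network-object 10.1.0.0 255.255.255.0
access-list VPN-TO-A extended permit ip object-group SITE-B-NETS object-group SITE-A-NETS
crypto map OUTSIDE-MAP 10 match address VPN-TO-A
!
! ===== Site A ASA: the side the administrator connects from =====
! The step missed in the thread: the group describing the remote side must
! also list the network of Site B's inside interface (10.2.0.0/24).
! Without it, traffic to 10.2.0.1 does not match the crypto ACL and is
! not sent through the tunnel.
object-group network SITE-A-NETS
 network-object 10.1.0.0 255.255.255.0
object-group network SITE-B-NETS
 network-object 10.2.0.0 255.255.255.0
 network-object 10.2.10.0 255.255.255.0
access-list VPN-TO-B extended permit ip object-group SITE-A-NETS object-group SITE-B-NETS
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
```

Because the ssh and http statements name only the Site A admin network on the inside interface, the outside interface stays closed to management traffic, which is the constraint stated in the original question.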

 