L2L VPN: Telnet or SSH Access problems with ACS server on Outside Interface

Lowell Yates
Let me explain my setup.

I have small remote offices using ASA 5505s. They all tunnel back to an ASA 5540 headend which gives the users access to the corporate network. This corporate LAN is where the ACS server is located. No problems with any user access ... life is good.

The problem I have is that I need to administer the remote ASAs remotely over the tunnel. I don't want to use local modems connected to the console port.

When using the console port locally to access the 5505 config, I can't ping anything on the corporate network. I can ping from a host PC, so the tunnel is good. It looks obvious I don't have a route when pinging from the CLI. It looks like I'm not getting on the tunnel from inside the ASA using the CLI.

The following is a stripped-down version of the aaa commands, but I'm not getting a route to begin with.

Question. How can I get a route back to the corporate network over the tunnel so I can get TACACS to authenticate telnet or ssh and administer the remote ASA?

aaa-server TACACS_SERVER protocol tacacs+
aaa-server TACACS_SERVER host
 timeout 20
 key fakesuperduperpassword

aaa authentication telnet console TACACS_SERVER LOCAL
aaa authentication ssh console TACACS_SERVER LOCAL

ssh 10.x.x.x outside
telnet 10.x.x.x outside

Thanks VERY much!