Cisco ASA, VPN and firewall management

Discussion in 'Cisco' started by Bernd Nies, Mar 22, 2007.

  1. Bernd Nies

    Bernd Nies Guest

    Hi,

    We have a Cisco ASA 5510 and a 5520 and a site-to-site VPN between
    them to connect two company networks. The inside interface is
    configured as the management interface. I can connect via ssh/https
    to the inside interface when I come from the local network but not when I
    come through the VPN tunnel.

    How can one configure the ASA to allow management access through VPN?
    I don't want to bind it to the outside interface because then
    everybody from the Internet can access the firewall.

    Using the separate management port for this does not work for us
    because
    - the Allied Telesyn Switch on the other side cannot do VLAN routing
    - the ASDM forbids to add two routes to the same subnet on two
    interfaces to two separate gateways.
    - the ASDM does not allow the inside and management interface to be
    on the same subnet.

    Thanks in advance for help.

    Regards,
    Bernd
    Bernd Nies, Mar 22, 2007
    #1

  2. Bernd Nies

    mcaissie Guest

    "Bernd Nies" <> wrote in message
    news:...
    > Hi,
    >
    > We have a Cisco ASA 5510 and a 5520 and a site-to-site VPN between
    > them to connect two company networks. The inside interface is
    > configured as the management interface. I can connect via ssh/https
    > to the inside interface when I come from the local network but not when I
    > come through the VPN tunnel.
    >
    > How can one configure the ASA to allow management access through VPN?
    > I don't want to bind it to the outside interface because then
    > everybody from the Internet can access the firewall.
    >
    > Using the separate management port for this does not work for us
    > because
    > - the Allied Telesyn Switch on the other side cannot do VLAN routing
    > - the ASDM forbids to add two routes to the same subnet on two
    > interfaces to two separate gateways.
    > - the ASDM does not allow the inside and management interface to be
    > on the same subnet.
    >
    > Thanks in advance for help.
    >
    > Regards,
    > Bernd
    >



    > How can one configure the ASA to allow management access through VPN?

    By adding the command

    management-access inside
    mcaissie, Mar 22, 2007
    #2

  3. Bernd Nies

    Bernd Nies Guest

    Hi,

    > By adding the command
    >
    > management-access inside


    Thanks. I already had that option - just forgot to add the interface
    network to the network object group on the remote side.

    Bye,
    Bernd
    Bernd Nies, Mar 23, 2007
    #3
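
The two pieces the thread ends up with (`management-access inside` on the managed ASA, and the inside interface's network included in the remote side's network object group) written out as an added example; it is not configuration posted by anyone in the thread. All addresses and the object-group, ACL and crypto map names are constructed placeholders, and the syntax assumes the ASA 7.x/8.x CLI of the thread's era.

```cisco
! Constructed example. Site A = ASA to be managed, Site B = where the admin sits.
! Site A inside network: 10.1.0.0/24 (ASA inside interface 10.1.0.1)
! Site B inside network: 10.2.0.0/24
!
! --- Site A ASA (managed through the tunnel) ---
! Let traffic arriving over the VPN reach the inside interface address.
management-access inside
! Permit management only from the Site B subnet, still bound to "inside".
ssh 10.2.0.0 255.255.255.0 inside
http server enable
http 10.2.0.0 255.255.255.0 inside
! No "ssh ... outside" or "http ... outside" lines: nothing is exposed to the Internet.
!
! --- Site B ASA (remote side) ---
! The group that describes Site A in the crypto ACL must cover the network
! holding Site A's inside interface address; otherwise SSH/HTTPS to 10.1.0.1
! is never sent into the tunnel.
object-group network SITE_A_NETS
 network-object 10.1.0.0 255.255.255.0
access-list VPN_TO_SITE_A extended permit ip 10.2.0.0 255.255.255.0 object-group SITE_A_NETS
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE_A
!
! --- Check on Site A ---
! show running-config management-access
! show running-config ssh
! show running-config http
```

Narrowing the `ssh` and `http` lines to the individual admin hosts instead of the whole remote subnet reduces the management exposure further.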