L2L VPN: Telnet or SSH Access problems with ACS server on Outside Interface

Discussion in 'Cisco' started by Lowell Yates, Mar 2, 2009.

    Let me explain my set up.

    I have small remote offices using ASA 5505s. They all tunnel back to an ASA 5540 headend which gives the users access to the corporate network. This corporate LAN is where the ACS server is located. No problems with any user access ... life is good.

    The problem I have is that I need to administer the remote ASA's remotely over the tunnel. I don't want to use local modems connected to the console port.

    When using the console port locally to access the 5505 config, I can't ping anything on the corporate network. I can ping from a host PC, so the tunnel is good. It looks obvious I don't have a route when pinging from the CLI; it looks like I'm not getting on the tunnel from inside the ASA using the CLI.

    The following is a stripped-down version of the aaa commands, but I'm not getting a route to begin with.

    Question. How can I get a route back to the corporate network over the tunnel so I can get TACACS to authenticate telnet or ssh and administer the remote ASA?

    aaa-server TACACS_SERVER protocol tacacs
    aaa-server TACACS_SERVER host
      timeout 20
      key fakesuperduperpassword

    aaa authentication telnet console TACACS_SERVER LOCAL
    aaa authentication ssh console TACACS_SERVER LOCAL

    ssh 10.x.x.x outside
    telnet 10.x.x.x outside

    Thanks VERY much!
    Lowell Yates, Mar 2, 2009
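One commonly used way to make the ASA itself source AAA and management traffic from its inside address so it matches the tunnel's interesting traffic, added here as an example and not taken from the thread. The addresses (10.1.1.0/24 remote LAN, 10.1.1.1 remote ASA inside IP, 10.10.10.5 ACS server, 10.10.20.0/24 admin workstations) and the ACL name VPN_TRAFFIC are assumptions.

```cisco
! Added example, not from the thread. Assumed addresses:
!   10.1.1.1      inside IP of the remote ASA 5505 (its LAN is 10.1.1.0/24)
!   10.10.10.5    ACS (TACACS+) server on the corporate LAN (10.10.0.0/16)
!   10.10.20.0/24 admin workstations allowed to SSH to the remote ASA

! Bind the TACACS+ server to the inside interface so the ASA sources its
! AAA requests from 10.1.1.1, which is covered by the crypto ACL below.
aaa-server TACACS_SERVER protocol tacacs+
aaa-server TACACS_SERVER (inside) host 10.10.10.5
  timeout 20
  key fakesuperduperpassword

! Let the ASA's own inside address be managed and originate traffic over
! the site-to-site tunnel.
management-access inside

! Management sessions arrive through the tunnel on the inside interface,
! so the SSH permit statement references inside, and only the admin subnet.
ssh 10.10.20.0 255.255.255.0 inside
aaa authentication ssh console TACACS_SERVER LOCAL

! The crypto (interesting traffic) ACL on this ASA and the mirrored ACL on
! the 5540 must include the ASA's inside address; a whole-LAN entry does.
access-list VPN_TRAFFIC extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0

! Verification from the CLI: ping sourced from the inside interface rather
! than the outside one, so it is steered into the tunnel.
! ping inside 10.10.10.5
```

Keep the LOCAL fallback in the aaa authentication line so the box remains reachable from the console if the tunnel or the ACS server is down.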