Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Accessing ASDM through VPN (IPsec site 2 site)

Status
Not open for further replies.

krede

IS-IT--Management
Mar 2, 2009
5
DK
Hi.
I'm new to Cisco ASA boxes, but is now involved in setting up a ASA 5505. Everything seems to be running fine but i have one problem.
The ASA (HQ)is connected to 2 other boxes with IPsec VPN - one of these boxes are located in my home. my problem is that im unable to manage (ASDM) on the HQ box through PCs on my own lan (home).
I've seen post around on the net that i need to set "Management Access Interface" to "Inside" - after doing this I can see the certificate warning - but when accepting it IE just throws me an "Page not found"
HQ box has HTTPS from WAN IP forwardet to internal server (exchange webmail) - can that be the reason?
 
whats the result in mozilla? have you tried to uninstall and reinstall your certs?
 
Is there a box that you can RDP to on the inside of the HQ network to see if you can manage it from there?? What IPs have you allowed access to asdm and http management in your config??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
North323:
nope haven't tried that.

unclerico:
Yes i can RDP to a server in HQ - Management from that server works fine!

Where in the GUI should i put my home IPs? In the access rules or service rules or management access windows?

Krede
 
Where in the GUI should i put my home IPs? In the access rules or service rules or management access windows?
lol, honestly I don't know. I've never used the ASDM. I only know how to add it via CLI. I would assume it would be in the management access window.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
hmm okay - Can you tell me how to do it in CLI? what are the commands?
 
http <remote_subnet> <mask> outside

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I’ve spend most of my evening troubleshooting my ADSM management issues through VPN tunnel and think is my home VPN server (Monowall) that has some issues.
I’ve tried to setup an exact match tunnel on a watchguard box, and from here it work fine.
...Strange.
 
Try:
http <remote_subnet> <mask> inside
management-access inside

Even though you are coming from the outside I believe it appears as an inside address.

You could try both, I’m sure one will work I’ve used it before.

I currently use CLI over the VPN. These two commands allow it to work:

ssh <vpn.pc.ip.addr> 255.255.255.255 inside
management-access inside

-Ryan
 
It seems te be a network problem in my own lokation. I tried to make the same setup to another network also with monowall and that works. I think its an MTU problem in my network. my monowall is running in a seperat VLAN on a VMware ESX server.

I have made the settings that rbradely was writting about.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top