Cisco ASA Management access from VPN

20 February 2014

During my study for the Cisco FIREWALL v2.0 exam I came across an issue today. I am connecting to our lab through a Cisco firewall over an IPSec VPN. However, I had to modify the ASA's config from this remote session. The question now was how to allow remote management from the VPN pool. The topology looks like this:

[Figure: ASA-VPN-Config-Example (topology diagram)]

The Teleworker Group connects via IPSec to the outside interface of the firewall. My first solution simply was to enable http access for the VPN IP range on the inside interface:

This, however, did not work as expected. HTTP Access to the inside IP address xx.xx.193.254 did not work through the tunnel. The trick is to enable management-access for the inside interface in global configuration mode in addition to the existing http/ssh entry:

After adding this statement, management access to the ASA using the inside interface over VPN worked perfectly. Happy firewalling!
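The two steps described above, written out as an added example that is not the original post's own listing. The VPN pool 192.0.2.0/24 is a constructed placeholder; substitute the address range your remote-access clients actually receive.

```text
! Added example. 192.0.2.0/24 is a constructed placeholder for the VPN address pool.

! Step 1: permit ASDM (HTTPS) and SSH from the VPN pool on the inside interface.
! On its own this is not enough: the tunnel terminates on the outside interface,
! and the ASA does not answer management traffic addressed to an interface
! other than the one the traffic entered through.
http server enable
http 192.0.2.0 255.255.255.0 inside
ssh 192.0.2.0 255.255.255.0 inside

! Step 2: allow management of the inside interface address through the tunnel.
! Only one interface can be set as the management-access interface.
management-access inside

! Keep the permitted source as narrow as the VPN pool itself,
! not 0.0.0.0 0.0.0.0, so the management plane is reachable only by tunnel users.

! Verify what is configured
show running-config http
show running-config ssh
show running-config management-access
```

After this change every client in the VPN pool can reach the ASA's login prompt on the inside address, so access still depends on the strength of the device's own authentication (AAA or local users).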
