Saturday, August 11, 2012

Cisco ASA Management over VPN Client

Here is an example of a working configuration on ASA version 8.4 for managing a Cisco ASA (via SSH and HTTP/ASDM) over a VPN client connection.

interface GigabitEthernet0/0
 nameif untrust
 security-level 0
 ip address
interface GigabitEthernet0/1
 nameif trust
 security-level 100
 ip address

ip local pool vpnpool mask

management-access trust

nat (trust,untrust) source static destination static route-lookup

ssh trust

http trust

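This allows you to reach the trust interface with ASDM or SSH after you VPN into the Cisco ASA. Note that the 'route-lookup' keyword on the NAT exemption rule is often overlooked! Without it, the ASA picks the egress interface from the NAT rule instead of doing a route lookup, so traffic addressed to the trust interface's own IP never reaches the management services on the ASA itself.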
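As an added example (not part of the original post), here is a small Python check that audits an ASA configuration for the pieces described above: a `management-access` interface, a NAT exemption from that interface carrying `route-lookup`, and `ssh`/`http` permits on it that are not open to any source. The function name `audit`, the object names `LAN` and `VPNPOOL`, and the 192.0.2.0/24 addresses are constructed placeholders.

```python
import re

# Constructed sample config: addresses and object names are placeholders,
# not values from the original post. It omits 'route-lookup' on purpose.
SAMPLE = """\
ip local pool vpnpool 192.0.2.10-192.0.2.50 mask 255.255.255.0
management-access trust
nat (trust,untrust) source static LAN LAN destination static VPNPOOL VPNPOOL
ssh 192.0.2.0 255.255.255.0 trust
http 0.0.0.0 0.0.0.0 trust
"""


def audit(config):
    """Return a list of findings for management-over-VPN in an ASA config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    mgmt = [l.split()[1] for l in lines
            if re.match(r"management-access \S+$", l)]
    if not mgmt:
        return ["no 'management-access <interface>' line"]
    ifc = re.escape(mgmt[0])
    findings = []

    # Twice-NAT exemption rules whose real (first) interface is the
    # management-access interface.
    exempt = [l for l in lines if re.match(
        rf"nat \({ifc},\S+\) source static .* destination static ", l)]
    if not exempt:
        findings.append(f"no NAT exemption from '{mgmt[0]}'")
    elif not any("route-lookup" in l.split() for l in exempt):
        findings.append(f"NAT exemption from '{mgmt[0]}' lacks route-lookup")

    # ssh/http must be permitted on that interface, ideally only from
    # the VPN pool rather than from any source.
    for svc in ("ssh", "http"):
        rules = [l.split() for l in lines
                 if re.match(rf"{svc} \S+ \S+ {ifc}$", l)]
        if not rules:
            findings.append(f"no '{svc}' permit on '{mgmt[0]}'")
        elif any(r[1:3] == ["0.0.0.0", "0.0.0.0"] for r in rules):
            findings.append(f"'{svc}' on '{mgmt[0]}' permits any source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a saved copy of the running configuration by passing the file contents to `audit()`; an empty list means all three pieces are present.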

