Here is an example of a working configuration on ASA version 8.4 for managing a Cisco ASA (via SSH, and HTTP for ASDM) from a VPN client connected to that same ASA.
interface GigabitEthernet0/0
 nameif untrust
 security-level 0
 ip address 1.1.5.7 255.255.255.0
!
interface GigabitEthernet0/1
 nameif trust
 security-level 100
 ip address 10.99.18.240 255.255.255.224
!
ip local pool vpnpool 10.99.81.1-10.99.81.254 mask 255.255.255.0
management-access trust
nat (trust,untrust) source static 10.99.0.0 10.99.0.0 destination static 10.99.81.0 10.99.81.0 route-lookup
ssh 10.99.81.0 255.255.255.0 trust
http 10.99.81.0 255.255.255.0 trust
This lets you reach the trust interface with ASDM or SSH once you have VPNed into the Cisco ASA: management-access trust permits management traffic to the inside interface address even though the VPN terminates on the untrust interface, and the ssh/http lines admit only the VPN pool on that interface. Note that the 'route-lookup' keyword on the nat (exempt) rule is often overlooked! It makes the ASA choose the egress interface for the identity-NAT traffic by route lookup rather than by the interface named in the rule, which is what allows packets from the VPN pool addressed to the ASA's own trust interface to be handled by the ASA instead of being forwarded out that interface.
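As an added check, not part of the original post or of any Cisco tool, the following script parses a configuration in the form shown above and reports which of the pieces needed for VPN management are missing: a management-access interface with a non-zero security level, ssh and http entries on that interface covering the VPN pool, and an identity NAT rule for the pool that carries route-lookup. The embedded sample is a constructed copy of the post's configuration; it adds two network objects so the NAT line uses object-based operands, and the 255.255.0.0 mask on the inside summary is an assumption, since the post gives none.

```python
"""Audit a Cisco ASA (8.3+) configuration for the pieces needed to manage
the ASA over a remote-access VPN. Example code written for this post; it
handles only the command forms used here."""
import ipaddress
import re

# Constructed sample based on the post's configuration. The /16 mask on
# inside-net is an assumption; object names are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif untrust
 security-level 0
 ip address 1.1.5.7 255.255.255.0
!
interface GigabitEthernet0/1
 nameif trust
 security-level 100
 ip address 10.99.18.240 255.255.255.224
!
object network inside-net
 subnet 10.99.0.0 255.255.0.0
object network vpn-pool
 subnet 10.99.81.0 255.255.255.0
ip local pool vpnpool 10.99.81.1-10.99.81.254 mask 255.255.255.0
management-access trust
nat (trust,untrust) source static inside-net inside-net destination static vpn-pool vpn-pool route-lookup
ssh 10.99.81.0 255.255.255.0 trust
http 10.99.81.0 255.255.255.0 trust
"""

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) source static (\S+) (\S+)"
                    r" destination static (\S+) (\S+)(.*)$")


def parse_config(text):
    """Collect interfaces, network objects, pools, twice-NAT rules and
    ssh/http access entries from ASA running-config text."""
    cfg = {"interfaces": {}, "objects": {}, "pools": [], "nat": [],
           "ssh": [], "http": [], "management_access": None}
    block = None  # (kind, name) of the indented block being read
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        line = raw.strip()
        if not raw.startswith(" "):           # top-level command
            block = None
            if m := re.match(r"interface (\S+)$", line):
                block = ("interface", m.group(1))
                cfg["interfaces"][m.group(1)] = {}
            elif m := re.match(r"object network (\S+)$", line):
                block = ("object", m.group(1))
            elif m := re.match(r"ip local pool \S+ (\S+)-\S+ mask (\S+)", line):
                cfg["pools"].append(f"{m.group(1)}/{m.group(2)}")
            elif m := re.match(r"management-access (\S+)$", line):
                cfg["management_access"] = m.group(1)
            elif m := NAT_RE.match(line):
                cfg["nat"].append({"real_ifc": m.group(1), "src_real": m.group(3),
                                   "src_mapped": m.group(4), "dst_mapped": m.group(5),
                                   "dst_real": m.group(6),
                                   "route_lookup": "route-lookup" in m.group(7)})
            elif m := re.match(r"(ssh|http) (\S+) (\S+) (\S+)$", line):
                cfg[m.group(1)].append({"net": f"{m.group(2)}/{m.group(3)}",
                                        "ifc": m.group(4)})
        elif block and block[0] == "interface":
            if m := re.match(r"nameif (\S+)$", line):
                cfg["interfaces"][block[1]]["nameif"] = m.group(1)
            elif m := re.match(r"security-level (\d+)$", line):
                cfg["interfaces"][block[1]]["security_level"] = int(m.group(1))
        elif block and block[0] == "object":
            if m := re.match(r"subnet (\S+) (\S+)$", line):
                cfg["objects"][block[1]] = f"{m.group(1)}/{m.group(2)}"
    return cfg


def net(text):
    return ipaddress.ip_network(text, strict=False)


def resolve(cfg, operand):
    """Map a NAT operand (object name, literal address or 'any') to a network."""
    if operand == "any":
        return net("0.0.0.0/0")
    return net(cfg["objects"].get(operand, operand))


def audit_vpn_management(cfg):
    """Return a list of problems; an empty list means every piece the post
    relies on is present for each VPN pool."""
    mgmt = cfg["management_access"]
    if not mgmt:
        return ["management-access is not set on any interface"]
    problems = []
    ifc = next((i for i in cfg["interfaces"].values() if i.get("nameif") == mgmt), None)
    if ifc is None:
        problems.append(f"management-access names unknown interface {mgmt}")
    elif ifc.get("security_level", 0) == 0:
        problems.append(f"management-access interface {mgmt} has security-level 0")
    if not cfg["pools"]:
        return problems + ["no ip local pool defined for VPN clients"]
    for pool in map(net, cfg["pools"]):
        for proto in ("ssh", "http"):
            if not any(e["ifc"] == mgmt and pool.subnet_of(net(e["net"])) for e in cfg[proto]):
                problems.append(f"{proto} from pool {pool} is not permitted on {mgmt}")
        identity = [r for r in cfg["nat"] if r["real_ifc"] == mgmt
                    and r["src_real"] == r["src_mapped"] and r["dst_mapped"] == r["dst_real"]
                    and pool.subnet_of(resolve(cfg, r["dst_real"]))]
        if not identity:
            problems.append(f"no identity NAT from {mgmt} covering pool {pool}")
        elif not any(r["route_lookup"] for r in identity):
            problems.append(f"identity NAT for pool {pool} lacks route-lookup")
    return problems


if __name__ == "__main__":
    print(audit_vpn_management(parse_config(SAMPLE_CONFIG)) or "OK: VPN management pieces present")
```

Paste a running-config into SAMPLE_CONFIG, or read it from a file, to audit a real box; dropping the route-lookup keyword from the NAT line is the quickest way to see the check that the post warns about fire.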
_k