Solved

Cisco ASA 5505 Remote Management via Client VPN

Posted on 2009-04-07
Last Modified: 2012-05-06
I am new to Cisco ASA configurations and am setting up a 5505 for a client. I have set up a Client VPN to perform remote management. The VPN connects OK but I cannot see anything inside, which means I cannot manage 192.168.1.1. I could use some quick help this evening, so a quick, complete answer will be appreciated and rewarded.
I would prefer to work CLI and have experience in many other firewall brands. Sanitized configuration is below. Thanks for the help!
sh conf
: Saved
: Written by enable_15 at 18:56:23.489 UTC Tue Apr 7 2009
!
ASA Version 7.2(4)
!
hostname HOSTNAME
domain-name DOMAINNAME
enable password uGDbsQsrSt9NI0Xr encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address EXTIP 255.255.255.128
!
interface Vlan3
 shutdown
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server NAMESERVER1
 name-server NAMESERVER2
 domain-name DOMAINNAME
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit icmp any any echo-reply
access-list inside_nat0_outbound extended permit ip any 192.168.1.248 255.255.255.248
access-list INSupport_splitTunnelAcl standard permit any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host PINGFROM1 outside
icmp permit host PINGFROM2 outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 OUTSIDEGATEWAY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 40 set pfs group1
crypto dynamic-map inside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns DNS1
dhcpd wins DNS2
dhcpd auto_config outside
!
dhcpd address 192.168.1.21-192.168.1.40 inside
dhcpd dns DNS1 DNS2 interface inside
dhcpd domain DOMAINNAME interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:4aff26ba27c533f5080da7f5daf3cf01
HOSTNAME(config)#

Question by:vbrick57
2 Comments
 
LVL 9

Accepted Solution

by:
craigothy earned 500 total points
ID: 24093839
Try adding the following statement to your config:
management-access inside
0
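An added example, not part of the original answer and not Cisco tooling: a small Python check that reads an ASA configuration and reports whether a VPN client can manage the inside interface's own address. It looks for the `management-access` statement from the answer and also for an `http`, `ssh` or `telnet` rule on that interface covering the client address range, since those rules still decide which sources may connect. The pool 192.168.1.248/29 is an assumption taken from the destination of the question's `inside_nat0_outbound` ACL; the function names and the sample excerpt are constructed for illustration.

```python
import ipaddress

# Constructed excerpt modelled on the management-related lines of the posted config.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.1.248 255.255.255.248
nat (inside) 0 access-list inside_nat0_outbound
http server enable
http 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
"""


def parse_mgmt(config):
    """Return (management-access interface or None, {service: [(network, ifname)]})."""
    mgmt_if = None
    allowed = {"http": [], "ssh": [], "telnet": []}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "management-access":
            mgmt_if = tok[1]
        elif len(tok) == 4 and tok[0] in allowed:
            # Form: <service> <network> <mask> <interface>
            try:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
            except ValueError:
                continue  # sanitized placeholders or unrelated subcommands
            allowed[tok[0]].append((net, tok[3]))
    return mgmt_if, allowed


def audit(config, vpn_pool, iface="inside"):
    """Return (findings, services) for managing iface's own IP from vpn_pool."""
    pool = ipaddress.ip_network(vpn_pool)  # assumed VPN client address range
    mgmt_if, allowed = parse_mgmt(config)
    findings = []
    if mgmt_if != iface:
        findings.append(f"management-access {iface} is not set")
    services = [svc for svc, rules in allowed.items()
                if any(ifn == iface and pool.subnet_of(net) for net, ifn in rules)]
    if not services:
        findings.append(f"no http/ssh/telnet rule permits {pool} on {iface}")
    return findings, services


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.168.1.248/29"))
    print(audit(SAMPLE_CONFIG + "management-access inside\n", "192.168.1.248/29"))
```

Against the constructed excerpt only HTTPS/ASDM is reachable from the pool once `management-access inside` is added; CLI access over the tunnel would additionally need an `ssh` rule for that range on the inside interface.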
 

Author Closing Comment

by:vbrick57
ID: 31567854
That did the trick. Thanks much for the quick answer!!!
0
