Solved

Cisco ASA 5505 Remote Management via Client VPN

Posted on 2009-04-07
Last Modified: 2012-05-06
I am new to Cisco ASA configurations and am setting up a 5505 for a client. I have set up a Client VPN to perform remote management. The VPN connects OK, but I cannot see anything inside, which means I cannot manage 192.168.1.1. I could use some quick help this evening, so a quick, complete answer will be appreciated and rewarded.
I would prefer to work in the CLI and have experience with many other firewall brands. Sanitized configuration is below. Thanks for the help!
sh conf
: Saved
: Written by enable_15 at 18:56:23.489 UTC Tue Apr 7 2009
!
ASA Version 7.2(4)
!
hostname HOSTNAME
domain-name DOMAINNAME
enable password uGDbsQsrSt9NI0Xr encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address EXTIP 255.255.255.128
!
interface Vlan3
 shutdown
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server NAMESERVER1
 name-server NAMESERVER2
 domain-name DOMAINNAME
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit icmp any any echo-reply
access-list inside_nat0_outbound extended permit ip any 192.168.1.248 255.255.255.248
access-list INSupport_splitTunnelAcl standard permit any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host PINGFROM1 outside
icmp permit host PINGFROM2 outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 OUTSIDEGATEWAY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map inside_dyn_map 20 set pfs group1
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 40 set pfs group1
crypto dynamic-map inside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs group1
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs group1
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs group1
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns DNS1
dhcpd wins DNS2
dhcpd auto_config outside
!
dhcpd address 192.168.1.21-192.168.1.40 inside
dhcpd dns DNS1 DNS2 interface inside
dhcpd domain DOMAINNAME interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:4aff26ba27c533f5080da7f5daf3cf01
HOSTNAME(config)#

Question by:vbrick57

Accepted Solution

by:
craigothy earned 500 total points
ID: 24093839
Try adding the following statement to your config:
management-access inside

Author Closing Comment

by:vbrick57
ID: 31567854
That did the trick. Thanks much for the quick answer!!!
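
An added example, not part of the original thread: a Python check of why the accepted answer matters. Management traffic that arrives through a tunnel on the outside interface is answered on the inside address only when `management-access inside` is present and an `http`/`ssh`/`telnet` permit line on that interface covers the client's address. The names `audit` and `POSTED` are hypothetical, and the client range 192.168.1.248/29 is an assumption taken from the posted NAT-exemption ACL.

```python
import ipaddress
import re

# Constructed sample: management-relevant lines taken from the configuration posted above.
POSTED = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
"""

# "<proto> <network> <mask> <ifname>" lines that permit management from a source network.
PERMIT = re.compile(r"^(http|ssh|telnet) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$")


def audit(config, ifname, client_net):
    """Report which management protocols a VPN client in client_net can use
    against the ASA's own address on ifname (the tunnel ends on another interface)."""
    client = ipaddress.ip_network(client_net)
    lines = [line.strip() for line in config.splitlines()]
    # Without this statement the ASA does not answer management traffic that
    # arrived through a tunnel on a different interface.
    mgmt = f"management-access {ifname}" in lines
    permitted = set()
    for line in lines:
        m = PERMIT.match(line)
        if m and m.group(4) == ifname:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            if client.subnet_of(net):
                permitted.add(m.group(1))
    # ASDM (HTTPS) also needs the HTTP server switched on.
    if "http server enable" not in lines:
        permitted.discard("http")
    usable = sorted(permitted) if mgmt else []
    return {"management_access": mgmt, "permitted": sorted(permitted), "usable": usable}


if __name__ == "__main__":
    # Assumption: clients get addresses from 192.168.1.248/29, the range the
    # posted NAT-exemption ACL covers; the sanitized config shows no pool.
    pool = "192.168.1.248/29"
    print("as posted:", audit(POSTED, "inside", pool))
    print("with fix :", audit(POSTED + "management-access inside\n", "inside", pool))
```

For the posted configuration the result lists only `http`, since it contains no `ssh` or `telnet` permit lines for the inside interface.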