Thursday, February 13, 2014

Configuring Telnet or SSH access across a VPN tunnel on a Cisco ASA (8.4+ - 9.1)

Want to enable telnet / ssh management of a Cisco ASA across a VPN tunnel?

In 8.2 and below, you simply use the command:
management-access inside

You may have noticed in post 8.4 that no longer works.   In post 8.4, you need to add the route-lookup command to your VPN nat statement.
management-access inside

nat (inside,outside) source static LocalSubnet LocalSubnet destination static RemtoeSubnet RemoteSubnet route-lookup

Of course, you need to enable telnet or ssh-
ssh 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside

(But don't use telnet, it's ghetto and insecure.)

No comments:

Post a Comment