Configuring management access over a vpn tunnel, Licensing requirements for a management interface, Guidelines and limitations – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

The following example shows how to allow the host at 10.1.1.15 to use only ping to the inside interface:

hostname(config)# icmp permit host 10.1.1.15 inside

The following example shows how to deny all ping requests and permit all packet-too-big messages (to
support path MTU discovery) at the outside interface:

hostname(config)# ipv6 icmp deny any echo-reply outside

hostname(config)# ipv6 icmp permit any packet-too-big outside

The following example shows how to permit host 2000:0:0:4::2 or hosts on prefix 2001::/64 to ping the
outside interface:

hostname(config)# ipv6 icmp permit host 2000:0:0:4::2 echo-reply outside

hostname(config)# ipv6 icmp permit 2001::/64 echo-reply outside

hostname(config)# ipv6 icmp permit any packet-too-big outside
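
Once any ICMP rule is configured, the ASA matches ICMP traffic to the interface against the rules in order and ends the list with an implicit deny, which is why the examples above permit packet-too-big explicitly. The following Python model is an added example, not Cisco code: it evaluates the commands shown above with first-match logic, assuming one rule list per interface and address family and handling only the `host`, `any` and prefix forms.

```python
import ipaddress

# Constructed sample: the three "ipv6 icmp" commands from the example above.
CONFIG = """\
ipv6 icmp permit host 2000:0:0:4::2 echo-reply outside
ipv6 icmp permit 2001::/64 echo-reply outside
ipv6 icmp permit any packet-too-big outside
"""

def parse_rules(config):
    """Parse 'icmp' / 'ipv6 icmp' lines into (family, action, net, type, iface)."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ipv6", "icmp"]:
            family, tok = 6, tok[2:]
        elif tok[:1] == ["icmp"]:
            family, tok = 4, tok[1:]
        else:
            continue
        if len(tok) < 3 or tok[0] not in ("permit", "deny"):
            continue
        action, body, iface = tok[0], tok[1:-1], tok[-1]
        if body[0] == "any":
            net, rest = None, body[1:]            # None matches every source
        elif body[0] == "host":
            net, rest = ipaddress.ip_network(body[1]), body[2:]
        else:
            net, rest = ipaddress.ip_network(body[0]), body[1:]
        icmp_type = rest[0] if rest else None     # None matches every ICMP type
        rules.append((family, action, net, icmp_type, iface))
    return rules

def decide(rules, iface, src, icmp_type):
    """Return 'permit' or 'deny' for ICMP from src addressed to interface iface."""
    src = ipaddress.ip_address(src)
    # Assumption: one rule list per interface and per address family.
    mine = [r for r in rules if r[4] == iface and r[0] == src.version]
    if not mine:
        return "permit"                           # no rules: ICMP to the interface is allowed
    for _, action, net, rule_type, _ in mine:
        if (net is None or src in net) and rule_type in (None, icmp_type):
            return action                         # first match wins
    return "deny"                                 # implicit deny ends the list

RULES = parse_rules(CONFIG)
```

Dropping the last rule from `CONFIG` makes `decide` return `deny` for packet-too-big from every source, which is the path MTU discovery failure the explicit permit prevents.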

Configuring Management Access Over a VPN Tunnel

If your VPN tunnel terminates on one interface, but you want to manage the ASA by accessing a different
interface, you can identify that interface as a management-access interface. For example, if you enter the
ASA from the outside interface, this feature lets you connect to the inside interface using ASDM, SSH,
Telnet, or SNMP; or you can ping the inside interface when entering from the outside interface.
Management access is available via the following VPN tunnel types: IPsec clients, IPsec site-to-site, and
the AnyConnect SSL VPN client.

This section includes the following topics:

Licensing Requirements for a Management Interface

Guidelines and Limitations

Configuring a Management Interface

Licensing Requirements for a Management Interface

The following table shows the licensing requirements for this feature:

Model          License Requirement
All models     Base License.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines

Supported in single mode.

Firewall Mode Guidelines

Supported in routed mode.
