Parvez, I thought that the tunnel is between ASA1 and ASA2. In this topology the configuration is ok.

Regards
Piotr

2012/7/7 Fawad Khan <[email protected]>

> Have you tried running a debug or packet capture I confirm that the packet is
> reaching the outside interface.
> Since it is working from inside hence I am ruling out the aaa authentication
> and username requirements.
>
>
> On Saturday, July 7, 2012, Jason Madsen wrote:
>
>> Hi everyone,
>>
>> If I understood Parvez' email, the VPN is not a LAN-2-LAN between ASAs.
>> It looks as though the VPN is between ASA1 and the RTR.
>>
>> Based on that topology, I think his original SSH statements look ok.
>> However, let me know if I missed something.
>>
>> Parvez,
>>
>> SSH traffic to the ASA itself doesn't require any "permits" on the outside
>> ACL. Just a corresponding "ssh" statement, which u have.
>>
>> Double-check ASA1 and ensure your routing and VPN setup is correctly
>> directing 10.60.x.x destined traffic through the VPN, and that your
>> 10.70.x.x sourced traffic is not being NAT'd (on ASA1 or on your RTR)...if
>> it arrives at ASA2 other than 10.70.x.x, it won't match your "ssh"
>> statement.
>>
>> Likewise verify the reverse path and ensure that 10.60.x.x is included in
>> your interesting VPN traffic on your RTR, and that routing to it is up, and
>> that you're exempting it from NAT for VPN traffic.
>>
>> Jason
>>
>> Sent from my iPhone
>>
>>
>> On Jul 7, 2012, at 12:36 AM, Piotr Tokarzewski <
>> [email protected]> wrote:
>>
>> Hi,
>>
>> You must set management interface:
>> management-access inside
>>
>> and then use this interface instead of outside:
>>
>> SSh 10.70.X.X Inside
>>
>> SSh 10.60.X.X Inside
>>
>> Regards
>> Piotr
>>
>> 2012/7/7 Parvez Ahmad <[email protected]>
>>
>>> Hello,
>>>
>>> Topology
>>>
>>>
>>> LAN1(10.70.X.X)-------ASA1(Public)--------------Internet-------------(Public)Router1-----(Outside)ASA2(Inside)----LAN2(10.60.X.X)
>>>
>>>
>>>
>>> There is site to site IPSec tunnel between ASA1 and Router1; I want to
>>> access ASA2 over the VPN from LAN1.
>>>
>>>
>>> I put below commands on ASA2 by taking remote.
>>>
>>>
>>> SSh 10.70.X.X outside
>>>
>>> SSh 10.60.X.X Inside
>>>
>>>
>>> And apply an ACL to permit source IP (10.70.x.x) and destination IP (any)
>>> port tcp 22 on outside interface.
>>>
>>>
>>> But it is still not working. However it is working from LAN2.
>>>
>>>
>>> Please suggest, how I can access ASA2 over the IPSec VPN from LAN1.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Parvez
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training,
>>> please visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>>>
>>
>
> --
> FNK
>
