KB ID 0000925
Problem
I haven’t needed to use my AnyConnect for a long time. But this week I needed to spin up some test servers. I connected fine, but I could not access the ASA via telnet, SSH or ASDM.
Solution
1. Traditionally, all you needed to do to manage an ASA from a remote VPN session was to set management-access to inside.
[box]
User Access Verification

Password:
Type help or '?' for a list of available commands.
Petes-ASA> enable
Password: ********
Petes-ASA# configure terminal
Petes-ASA(config)# management-access inside
[/box]
2. Post version 8.3, you also need the route-lookup keyword on the end of the NAT statement (the one that stops the remote VPN subnet being NATted).
[box]
PetesASA# show run nat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.253.253.0_24 NETWORK_OBJ_10.253.253.0_24 no-proxy-arp route-lookup
[/box]
3. Finally, make sure you have the same-security-traffic permit intra-interface command enabled.
[box]
Petes-ASA# configure terminal
PetesASA(config)# same-security-traffic permit intra-interface
[/box]
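The three steps above can be checked offline against a saved copy of the running configuration. This is an added example, not part of the original article: the function name, the constructed sample config, and the assumption that the NAT exemption's first interface is the one named in management-access are all illustrative.

```python
import re

# Constructed sample of 'show running-config' text (not from a real device).
# The NAT exemption here deliberately lacks route-lookup.
SAMPLE_CONFIG = """\
hostname Petes-ASA
same-security-traffic permit intra-interface
object network NETWORK_OBJ_10.253.253.0_24
 subnet 10.253.253.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.253.253.0_24 NETWORK_OBJ_10.253.253.0_24 no-proxy-arp
management-access inside
"""


def check_vpn_management(config, vpn_object, mgmt_if="inside"):
    """Return a list of findings; an empty list means all three settings are present."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # Step 1: management-access must name the interface you want to manage.
    if f"management-access {mgmt_if}" not in lines:
        findings.append(f"missing: management-access {mgmt_if}")

    # Step 2: the NAT exemption for the VPN pool object must carry route-lookup.
    nat_re = re.compile(
        rf"^nat \({re.escape(mgmt_if)},\S+\) source static .* destination static "
        rf"{re.escape(vpn_object)} {re.escape(vpn_object)}\b(.*)$")
    exempt = [m for m in map(nat_re.match, lines) if m]
    if not exempt:
        findings.append(f"missing: NAT exemption for {vpn_object}")
    elif not any("route-lookup" in m.group(1).split() for m in exempt):
        findings.append(f"NAT exemption for {vpn_object} lacks route-lookup")

    # Step 3: intra-interface traffic must be permitted.
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing: same-security-traffic permit intra-interface")
    return findings


if __name__ == "__main__":
    result = check_vpn_management(SAMPLE_CONFIG, "NETWORK_OBJ_10.253.253.0_24")
    for finding in result or ["OK: all three settings present"]:
        print(finding)
```
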