![]() ![]() Say I've got an inside interface of 198.51.100.1 and an outside interface of 203.0.113.1. For example, if you enter the ASA from the outside interface, this command lets you connect to the inside interface using Telnet, or you can ping the inside interface when entering from the outside interface.īut, that's not really the whole story this command is also important when the firewall is the initiator of traffic that needs to cross interfaces (say, to get encapsulated through a VPN tunnel) too. This command allows you to connect to an interface other than the one you entered the ASA from when using a full tunnel IPSec VPN or SSL VPN client (An圜onnect 2.x client, SVC 1.x) or across a site-to-site IPSec tunnel. Well, Cisco says that it's just for when you need to manage the device from the far side of a VPN tunnel: So, what's the management-access command really do? Moreso, only one management-access interface is allowed to exist, yet multiple interfaces can easily be specified in your http and ssh commands to allow traffic to come in any number of desired interfaces. Note that this configuration does not include a management-access command, yet works just fine. Management traffic (which interfaces it listens on, and which addresses are allowed) is controlled by the http and ssh commands ( telnet too, but leave it off!): http server enable The management-access command is a bit of a misnomer - it doesn't dictate which interface can receive management traffic. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |