Thursday, February 7, 2019

Logging into Cisco routed ASA from a device for which it's the default gateway

Hello, I have an ASA firewall in routed mode acting as the default gateway for several subnets. After looking through the running-config, I found that it allows certain subnets to SSH into the FW, but my tests show that any given device can SSH to the ASA only when using the ASA IP address in that same subnet (sample topology).

In the sample topology, 10.0.0.100 can only SSH into the ASA using 10.0.0.1, not 10.1.1.1. Also, the ASA has a management interface configured (not shown), but neither computer can log into it. The ASA has inbound ACLs allowing any host to SSH to any host from any interface, so I'm not sure what I'm missing.

I'd like to log into the ASA using the same IP address (preferably the mgmt interface) no matter where I'm starting from. Does anybody know what I'm missing here?


