I have a functioning site to site VPN between two ASAs, but cannot administer the remote device on its private "inside" interface address, only on its public. Pings to the interface also fail. Everything works fine when connecting locally to it from a host on the remote network.
management-access
Enables access to an internal management interface on the firewall.
[no] management-access mgmt_if
Syntax Description
mgmt_if: The name of the firewall interface to be used as the internal management interface.
Command Modes
The management-access mgmt_if command is available in configuration mode.
The show management-access command is available in privileged mode.
Usage Guidelines
The management-access mgmt_if command enables you to define an internal management interface using the IP address of the firewall interface specified in mgmt_if. (The firewall interface names are defined by the nameif command and displayed in quotes, " ", in the show interface output.)
In PIX Firewall software Version 6.3, this command is supported for the following through an IPSec VPN tunnel only, and only one management interface can be defined globally:
- SNMP polls to the mgmt_if
- HTTPS requests to the mgmt_if
- PDM access to the mgmt_if
- Telnet access to the mgmt_if
- SSH access to the mgmt_if
- Ping to the mgmt_if
The show management-access command displays the firewall management access configuration.
Examples
The following example shows how to configure a firewall interface named "inside" as the management access interface:
pixfirewall(config)# management-access inside
pixfirewall(config)# show management-access
management-access inside
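A configuration check for the command described above, as an added example that is not part of the original post or of Cisco's documentation: it reads a saved configuration, confirms that management-access is set, that it is set only once, and that it names an interface defined by nameif. The sample configurations are constructed, the function names are hypothetical, and the two nameif line layouts it accepts are assumptions about how the saved configuration is written.

```python
import re

# Constructed sample configurations (not taken from a real device).
ASA_STYLE = """\
interface Ethernet0/0
 nameif outside
interface Ethernet0/1
 nameif inside
management-access inside
"""
PIX63_STYLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
"""

def interface_names(config):
    """Collect the interface names defined by nameif lines."""
    names = set()
    for line in config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "nameif":
            continue
        # Assumed layouts: "nameif <name>" under an interface block,
        # or "nameif <hardware_id> <name> <security_level>" on one line.
        if len(tokens) == 2:
            names.add(tokens[1])
        elif len(tokens) >= 3:
            names.add(tokens[2])
    return names

def audit_management_access(config):
    """Return (mgmt_if or None, list of findings) for one configuration."""
    names = interface_names(config)
    # Anchored at line start, so a "no management-access ..." line is ignored.
    targets = re.findall(r"^management-access[ \t]+(\S+)", config, re.MULTILINE)
    if not targets:
        return None, ["no management-access interface is defined"]
    findings = []
    if len(targets) > 1:
        findings.append("more than one management-access line: %s" % targets)
    mgmt_if = targets[-1]
    if mgmt_if not in names:
        findings.append("management-access names %r, which no nameif defines" % mgmt_if)
    return mgmt_if, findings

if __name__ == "__main__":
    for label, cfg in (("ASA_STYLE", ASA_STYLE), ("PIX63_STYLE", PIX63_STYLE)):
        print(label, audit_management_access(cfg))
```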