Cannot ping or telnet internal PIX 501 Interface

Answered Question
May 29th, 2008
User Badges:


I have a VPN link from a PIX501 at our remote office to a ASA5510 at our main office.

Remote Office, Main Office

A client on the network cannot ping, http or telnet the PIX501 internal interface although can connect to clients OK e.g.

The PIX config is below can anyone spot what is causing this, Thanks in advance.

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxxxxxxx encrypted

passwd Xxxxxxx encrypted

hostname xxxxxxxx


clock timezone LINT 14

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000


name OfficeHQ

access-list inside_nat0_outbound permit ip OfficeHQ

access-list outside_cryptomap_60 permit ip OfficeHQ

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside x.x.x.x

ip address inside

ip audit info action alarm

ip audit attack action alarm

pdm location OfficeHQ outside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0 0

route outside x.x.x.x 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto map outside_map 60 ipsec-isakmp

crypto map outside_map 60 match address outside_cryptomap_60

crypto map outside_map 60 set peer x.x.x.x

crypto map outside_map 60 set transform-set ESP-3DES-MD5

crypto map outside_map interface outside

isakmp enable outside

isakmp key ******** address x.x.x.x netmask no-xauth no-config-mode

isakmp key ******** address x.x.x.x netmask no-xauth no-config-mode

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

telnet inside

telnet timeout 5

ssh timeout 5

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd domain xxxxxxxxxxx

dhcpd auto_config outside

dhcpd enable inside

terminal width 80


Correct Answer by srue about 9 years 1 month ago

that's an older OS than what i'm used to, is the command "management-access inside" supported?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Correct Answer
srue Thu, 05/29/2008 - 10:44
User Badges:
  • Blue, 1500 points or more

that's an older OS than what i'm used to, is the command "management-access inside" supported?

shaw.chris Fri, 05/30/2008 - 04:00
User Badges:

Thanks for your help, the ssh access worked,

I have updated the PIX to 6.3(5) and issued the management-access inside command but still cannot get in for some reason.

srue Fri, 05/30/2008 - 04:09
User Badges:
  • Blue, 1500 points or more

since you just did a major OS upgrade on it, can you repost the config?

shaw.chris Mon, 06/02/2008 - 08:20
User Badges:

The "management-access inside" command did actually do the trick, Thanks for your help.


This Discussion