Access Inside interface from Outside

Unanswered Question
Sep 16th, 2009
User Badges:

Hi Experts,

I request your help in clarifying the scenario below in FWSM:

I want to access my INSIDE interface (ip address from a server located in OUTSIDE interface (ip address

I learned that it is not by default possible in FWSM to access an another interface (INSIDE) from one zone (OUTSIDE).

Is this possible to achieve if I configure IPSEC VPN in FWSM

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 group 2

isakmp policy 1 hash sha

isakmp enable OUTSIDE

crypto ipsec tran-set vpn esp-3des esp-sha-hmac

isakmp key SAIRAM address

access-list TUNNEL extended permit ip host

crypto map telnet_tunnel 2 ipsec-isakmp

crypto map telnet_tunnel 1 match address TUNNEL

crypto map telnet_tunnel 1 set peer

crypto map telnet_tunnel 1 set transform-set vpn

crypto map telnet_tunnel interface outside

telnet OUTSIDE

Please share your valuable ideas .



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
snarayanaraju Wed, 09/16/2009 - 05:49
User Badges:

Hi Marshall,

Thanks for your ideas and suggestions.The link your provided is very helpful.

So, My requirement is also the same. I have a PRIMARY SNMP server in INSIDE zone and SECONDARY SNMP server in the OUTSIDE zone.

Since both the SNMP server should be configured with the same IP address of the , I should be able to reach the INSIDE interface IP address from the OUTSIDE zone.

Hope this configuration should work for my scenario



This Discussion