Access Inside interface from Outside

Unanswered Question
Sep 16th, 2009

Hi Experts,


I request your help in clarifying the scenario below in FWSM:


I want to access my INSIDE interface (IP address 10.1.1.1) from a server located on the OUTSIDE interface (IP address 218.248.17.116).


I learned that it is not possible by default in FWSM to access another interface (INSIDE) from one zone (OUTSIDE).


Is this possible to achieve if I configure an IPsec VPN in FWSM?

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 group 2

isakmp policy 1 hash sha

isakmp enable OUTSIDE

crypto ipsec transform-set vpn esp-3des esp-sha-hmac

isakmp key SAIRAM address 218.248.17.116

access-list TUNNEL extended permit ip host 218.248.17.1 218.248.17.1 255.255.255.0

crypto map telnet_tunnel 2 ipsec-isakmp

crypto map telnet_tunnel 1 match address TUNNEL

crypto map telnet_tunnel 1 set peer 218.248.17.1

crypto map telnet_tunnel 1 set transform-set vpn

crypto map telnet_tunnel interface outside

telnet 218.248.17.0 255.255.255.0 OUTSIDE


Please share your valuable ideas.


THANKS IN ADVANCE


sairam

Overall Rating: 5 (1 ratings)
snarayanaraju Wed, 09/16/2009 - 05:49

Hi Marshall,


Thanks for your ideas and suggestions. The link you provided is very helpful.


So, my requirement is also the same. I have a PRIMARY SNMP server in the INSIDE zone and a SECONDARY SNMP server in the OUTSIDE zone.


Since both the SNMP servers should be configured with the same IP address of the , I should be able to reach the INSIDE interface IP address from the OUTSIDE zone.


Hope this configuration should work for my scenario


sairam
