09-16-2009 12:12 AM - edited 03-11-2019 09:15 AM
Hi Experts,
I request your help in clarifying the scenario below in FWSM:
I want to access my INSIDE interface (ip address 10.1.1.1) from a server located in OUTSIDE interface (ip address 218.248.17.116).
I learned that it is not possible by default in FWSM to access another interface (INSIDE) from one zone (OUTSIDE).
Is this possible to achieve if I configure IPSEC VPN in FWSM?
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 group 2
isakmp policy 1 hash sha
isakmp enable OUTSIDE
crypto ipsec tran-set vpn esp-3des esp-sha-hmac
isakmp key SAIRAM address 218.248.17.116
access-list TUNNEL extended permit ip host 218.248.17.1 218.248.17.1 255.255.255.0
crypto map telnet_tunnel 2 ipsec-isakmp
crypto map telnet_tunnel 1 match address TUNNEL
crypto map telnet_tunnel 1 set peer 218.248.17.1
crypto map telnet_tunnel 1 set transform-set vpn
crypto map telnet_tunnel interface outside
telnet 218.248.17.0 255.255.255.0 OUTSIDE
Please share your valuable ideas.
THANKS IN ADVANCE
sairam
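An added example, not part of the original thread: a small Python check that cross-references the crypto map entries in the configuration posted above against the pre-shared keys, transform sets and access lists that the same configuration defines. The function name and the rules are illustrative assumptions, matching is by exact string, and the configuration text is copied from the post as sample input.

```python
# Added example: cross-reference PIX/FWSM-style crypto map lines (illustrative rules).
POSTED_CONFIG = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 group 2
isakmp policy 1 hash sha
isakmp enable OUTSIDE
crypto ipsec tran-set vpn esp-3des esp-sha-hmac
isakmp key SAIRAM address 218.248.17.116
access-list TUNNEL extended permit ip host 218.248.17.1 218.248.17.1 255.255.255.0
crypto map telnet_tunnel 2 ipsec-isakmp
crypto map telnet_tunnel 1 match address TUNNEL
crypto map telnet_tunnel 1 set peer 218.248.17.1
crypto map telnet_tunnel 1 set transform-set vpn
crypto map telnet_tunnel interface outside
telnet 218.248.17.0 255.255.255.0 OUTSIDE
"""

def lint_crypto_config(text):
    """Return findings where a crypto map entry is incomplete or references something undefined."""
    keys, tsets, acls, entries = set(), set(), set(), {}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 5 and tok[:2] == ["isakmp", "key"] and tok[3] == "address":
            keys.add(tok[4])  # peer address that has a pre-shared key
        elif len(tok) >= 4 and tok[:2] == ["crypto", "ipsec"] and tok[2].startswith("tran"):
            tsets.add(tok[3])  # accepts the abbreviated "tran-set" used in the post
        elif len(tok) >= 2 and tok[0] == "access-list":
            acls.add(tok[1])
        elif len(tok) >= 5 and tok[:2] == ["crypto", "map"] and tok[3].isdigit():
            entry = entries.setdefault((tok[2], int(tok[3])), {})
            if tok[4:6] == ["match", "address"] and len(tok) >= 7:
                entry["address"] = tok[6]
            elif tok[4] == "set" and len(tok) >= 7:
                entry[tok[5]] = tok[6]  # "peer" or "transform-set"
    defined = {"address": acls, "peer": keys, "transform-set": tsets}
    findings = []
    for (name, seq), entry in sorted(entries.items()):
        for field, known in defined.items():
            if field not in entry:
                findings.append(f"{name} {seq}: missing {field}")
            elif entry[field] not in known:
                findings.append(f"{name} {seq}: {field} {entry[field]} has no matching definition")
    return findings

if __name__ == "__main__":
    for finding in lint_crypto_config(POSTED_CONFIG):
        print(finding)
```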
09-16-2009 12:47 AM
Sairam
Have a look at the "management-access" command which allows you to designate an interface that can be connected to from another zone -
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/command/reference/m.html#wp1637044
Jon
09-16-2009 05:49 AM
Hi Marshall,
Thanks for your ideas and suggestions. The link you provided is very helpful.
So, my requirement is also the same. I have a PRIMARY SNMP server in the INSIDE zone and a SECONDARY SNMP server in the OUTSIDE zone.
Since both the SNMP servers should be configured with the same IP address of the , I should be able to reach the INSIDE interface IP address from the OUTSIDE zone.
Hope this configuration should work for my scenario.
sairam