Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
5
Helpful
2
Replies

Access Inside interface from Outside

snarayanaraju
Level 4
Level 4

‎09-16-2009 12:12 AM - edited ‎03-11-2019 09:15 AM

Hi Experts,

I request your help in clarifying the scenario below in FWSM:

I want to access my INSIDE interface (ip address 10.1.1.1) from a server located in OUTSIDE interface (ip address 218.248.17.116).

I learned that it is not by default possible in FWSM to access an another interface (INSIDE) from one zone (OUTSIDE).

Is this possible to achieve if I configure IPSEC VPN in FWSM

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 group 2

isakmp policy 1 hash sha

isakmp enable OUTSIDE

crypto ipsec tran-set vpn esp-3des esp-sha-hmac

isakmp key SAIRAM address 218.248.17.116

access-list TUNNEL extended permit ip host 218.248.17.1 218.248.17.1 255.255.255.0

crypto map telnet_tunnel 2 ipsec-isakmp

crypto map telnet_tunnel 1 match address TUNNEL

crypto map telnet_tunnel 1 set peer 218.248.17.1

crypto map telnet_tunnel 1 set transform-set vpn

crypto map telnet_tunnel interface outside

telnet 218.248.17.0 255.255.255.0 OUTSIDE

Please share your valuable ideas .

THANKS IN ADVANCE

sairam

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎09-16-2009 12:47 AM

Sairam

Have a look at the "management-access" command which allows you to designate an interface that can be connected to from another zone -

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/command/reference/m.html#wp1637044

Jon

snarayanaraju
Level 4
Level 4
In response to Jon Marshall

‎09-16-2009 05:49 AM

Hi Marshall,

Thanks for your ideas and suggestions.The link your provided is very helpful.

So, My requirement is also the same. I have a PRIMARY SNMP server in INSIDE zone and SECONDARY SNMP server in the OUTSIDE zone.

Since both the SNMP server should be configured with the same IP address of the , I should be able to reach the INSIDE interface IP address from the OUTSIDE zone.

Hope this configuration should work for my scenario

sairam

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card