Question: I want to access the PDM webpage of my PIX 501 when the VPN connection is open.
I can already reach it locally, so http server enable is already configured. I also have the command: http 172.16.251.1 255.255.255.255 outside
(I think it sees the VPN as outside) and I configured the command: pdm location 172.16.251.1 255.255.255.255 outside
I still cannot reach it when the VPN is connected.
What do I need to do?
172.16.251.1 is the IP address I get from the PIX when I set up a VPN connection.
The device is 172.16.250.253
And I don't know: when I'm connected by VPN and I want to access the PDM website, is that then inside traffic or still outside?
Have you tried adding the
The Pix may not be treating them as being outside as you can have the clients appear on a dmz or on the inside when it comes to implementing access control.
Hope this helps
http 172.16.251.1 255.255.255.255 inside
is also already in the config... but it does not help...
Somehow the PIX is still seeing this subnet/IP address as not trusted... because this command is working just from the inside network 172.16.250.0
Can you PING the inside IP of the ASA through the VPN tunnel?
To be able to access the internal IP of the ASA through VPN, you need the management-access inside command.
Besides being able to PING the IP, to enable PDM access, you must enable HTTP access for the IP of the VPN pool for the clients.
This should work.
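An added example, not part of the original thread: a small Python check that tests a saved config for the two conditions named in the answer above (`management-access inside` plus an `http` entry covering the VPN pool). The sample config is constructed; the pool name `vpnpool`, the pool's end address and the function name are assumptions, and it assumes the `http` entry must name the same interface as `management-access`.

```python
import ipaddress
import re

# Constructed sample, not the poster's real config: addresses follow the thread,
# the pool name "vpnpool" and the pool's end address are assumptions.
SAMPLE_CONFIG = """\
ip address inside 172.16.250.253 255.255.255.0
ip local pool vpnpool 172.16.251.1-172.16.251.10
http server enable
http 172.16.250.0 255.255.255.0 inside
http 172.16.251.1 255.255.255.255 inside
http 172.16.251.1 255.255.255.255 outside
"""

def audit_vpn_management(config, mgmt_if="inside"):
    """Return findings that would keep VPN clients from reaching PDM/HTTP."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "http server enable" not in lines:
        findings.append("http server is not enabled")
    if f"management-access {mgmt_if}" not in lines:
        findings.append(f"missing 'management-access {mgmt_if}'")

    # Sources allowed to reach the HTTP server on the management interface.
    allowed = []
    for line in lines:
        m = re.fullmatch(r"http (\d\S+) (\d\S+) (\S+)", line)
        if m and m.group(3) == mgmt_if:
            allowed.append(
                ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))

    # Every address a VPN client can be handed must fall inside an allowed source.
    for line in lines:
        m = re.fullmatch(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line)
        if not m:
            continue
        first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
        for block in ipaddress.summarize_address_range(first, last):
            if not any(block.subnet_of(net) for net in allowed):
                findings.append(
                    f"pool {m.group(1)}: {block} has no 'http ... {mgmt_if}' entry")
    return findings

if __name__ == "__main__":
    for finding in audit_vpn_management(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the missing `management-access inside` and the pool addresses beyond 172.16.251.1, which a client could be assigned but which no `http` entry on the inside interface permits.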
Great!!! This works... the command management-access inside did the
Perhaps another question... when I'm trying to get a connection from my business (which also has an ASA)
I get a connection but I cannot ping or access anything... (only when I'm using an internet connection
without an ASA) it is working.
I get a debug message saying: 305006: regular translation creation failed for protocol 50 src INSIDE
Can I fix this on my PIX? Or is this some config issue on the ASA at my work?
The error means that IP protocol 50 (which is ESP) does not match any translation rule.
This is not necessarily a problem.
Could you provide more details about the problem that you're having now?
The problem is... I can get a connection to the PIX... and have an IP address from the VPN pool, but cannot reach anything...
and this is only when I'm connecting from our ASA here...
When you say connecting from your ASA, you mean there's a Site-to-Site VPN tunnel established?
I don't think so, because you say that you get an IP from the VPN pool (so, it's a remote VPN client connection I assume).
Correct me if I'm wrong...
The problem is when establishing a VPN client connection going through your ASA.
If this is the case, is your ASA performing PAT for your Internet connection?
Do you have NAT-T enabled on the VPN headend ASA?
Yeah, that's right.. no site-to-site connection... just through another ASA to the outside world...
Ehh, NAT-T? Just beginning with the PIX...
I don't think it's enabled... how do I configure this?
You say the VPN connection does not work when going through your ASA.
If you connect from another site (without going through the ASA) it works, correct?
Then most likely, your ASA is blocking either UDP 500 or ESP (IP protocol 50).
Also check if you have "crypto isakmp nat-traversal" enabled on the ASA that terminates the VPN tunnel.
Let me know if this is the case.