We test the management part of PIX via VPN using the 'management-access' command and normal HTTPS/SSH access from the internet to the outside interface. This works fine.
But if you want to access the outside interface via the tunnel itself, I don't think it would work. This is because you are assigned an internal private IP when you successfully connect via VPN. If you need to manage your firewall, then this is where the 'management-access' command helps you/the network admin.
As you know, in PIX, you can't access or even ping an interface that is not directly connected to your segment, i.e. an inside host cannot ping the outside/dmz interface IP.
The only option is either to access the PIX via your directly connected interface, or, if it's from outside/internet, you have to go in via the outside interface. The same goes for VPN access: you're only allowed to go via the inside interface.
The Cisco ADSL router terminates the IPSec VPN tunnels, and I can access the outside interface when I change the management access to outside. This is OK.
But my question: when I'm connected and assigned a private IP address from the router pool, I tried to access the dedicated management interface on the ASA but I can't, and from the log messages, the packets were dropped. It seems the ASA assumes this is normal traffic, "not only management traffic", and drops it. But when I tried from the local network through the inside interface, it works fine.
Note: I opened the required ports from my assigned IP address to the management interface in the access list applied at the outside interface.
Anyway, thank you, and I think the best solution is to enable management access on the outside interface in order to support this customer.