Cisco Support Community
Community Member

Can VPN into Pix 515e, but can't access network resources


I can access websites and ports through the PIX, but when I VPN into the PIX:

1) I can't SSH to the inside interface. I have read that I need to set "management-access inside". If I do this, will it take over the inside interface? A co-worker said that if I set an interface to be an admin interface, this would happen and take down the interface. Am I right in thinking the management-access inside command is not the same as creating a strictly admin interface (or whatever its real name is)? I just want to be able to SSH after the VPN connects without changing anything.

2) After the VPN connects I cannot access any servers on the inside range, nor can I ping the inside interface. Do I need to somehow allow traffic from the VPN range in an access-list or something? (This is NOT a tunnel but a remote VPN client.)


Community Member

Re: Can VPN into Pix 515e, but can't access network resources

You are right. This will not take down the interface. There are two almost similar commands:


(this command will not allow you to pass any traffic through it.)


management-access mgmt_if

(this command sets an interface for use through a VPN tunnel, and will not shut the interface. For example, syslog polls the management interface, NTP requests this interface, and you set SSH access to this interface, and so on.)

You should not need any ACL as long as you have entered the command sysopt connection permit-ipsec. If you have this command, you don't need to specify an ACL for that VPN traffic.

I think you have something wrong with your VPN config, since you are not able to reach servers on the inside. Could you show the config? I would just be guessing without it.


Jens Petter
