When the Easy VPN Remote connects to a headend device, there are a minimum of five security associations (SAs), including one Internet Key Exchange (IKE) and four IPSec associations. When the Easy VPN Remote connects to the headend, it always negotiates two IPSec SAs with the IP address of the PIX outside interface to any address behind the VPN server. This may be used for management purposes to connect to the PIX outside interface from the network behind the IOS router (either via Secure Shell (SSH) or Secure HTTP for PIX Device Manager (PDM) usage or Telnet).
Pix docs for telnet say you can use the outside interface only if you have at least crypto map set up.
Do I need to do a just a "crypto map name 10 ipsec-isakmp" and then a telnet x.x.x.x outside to manage the pix?
Anyone that has done this, I would appreciate any help.
As you're aware, you cna only telnet to the PIX outside interface if you come in over a VPN tunnel. The telnet docs are probably a bit outdated and need to be revised since EzVPN has come along, since with EzVPN it pretty much does all that for you. When an EzVPN tunnel is created, two tunnels are created, one to the PIX inside subnet, and one to the PIX outside interface. Because of this second tunnel, you should then be able to telnet to the PIX outside interface from the other remote subnet. all you should need in the PIX is:
> telnet x.x.x.x outside
For security's sake, just add the network behind the other device into the telnet command, don't make it 0.0.0.0, it's just that little bit more secure.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...