Manage PIX via VPN

kevin_noll
Level 1

I am setting up a LAN-to-LAN VPN between a VPN3030 and a PIX 501. I am able to pass traffic through the VPN from PCs or Servers on either side.

I would like to be able to telnet/ssh to the PIX over the VPN so that I am able to manage it remotely. I am currently unable to accomplish this. It appears that the VPN3030 is attempting to send the telnet traffic to the PIX (e.g. telnet to the inside interface IP address), but I never see any return traffic.

Is there a trick to making this work?

My PIX crypto config is:

access-list 101 permit ip 10.68.2.0 255.255.255.0 10.32.0.0 255.255.0.0
access-list 101 permit ip 10.68.2.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list 101 permit ip 10.68.2.0 255.255.255.0 10.64.16.0 255.255.252.0
access-list nonat permit ip 10.68.2.0 255.255.255.0 10.32.0.0 255.255.0.0
access-list nonat permit ip 10.68.2.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list nonat permit ip 10.68.2.0 255.255.255.0 10.64.16.0 255.255.252.0
sysopt connection permit-ipsec
crypto ipsec transform-set cptlxfrm esp-3des esp-md5-hmac
crypto map dovpn 10 ipsec-isakmp
crypto map dovpn 10 set peer 192.168.216.22
crypto map dovpn 10 set peer 192.168.216.21
crypto map dovpn 10 set transform-set cptlxfrm
crypto map dovpn interface outside
isakmp enable outside
isakmp key ******** address 192.168.216.22 netmask 255.255.255.255
isakmp key ******** address 192.168.216.21 netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800

2 Replies

pdentico
Level 1

It seems that you are running 6.31 by the nat-traversal command. In that case you can enable the management with the command "management-access inside".

Then make sure that you have the IP address that you're trying to connect from set in the telnet or ssh or http statement.
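As an added illustration (not the replier's or the original poster's config), this is the PIX 6.3-style fragment the reply describes, reusing the subnets from the crypto access-list above; it assumes the PIX inside interface address lies in 10.68.2.0/24 (so the existing ACL 101 and nonat lines already cover it) and that the management stations sit in 10.32.0.0/16 behind the VPN3030. The hostname and domain name are placeholders.

```text
! Let the PIX answer on its inside interface address for traffic that
! arrives through the IPsec tunnel terminated on the outside interface.
management-access inside

! SSH needs an RSA key, and key generation needs a hostname and domain.
hostname pix501
domain-name example.com
ca generate rsa key 1024
ca save all

! Permit SSH only from the remote management subnet. The interface named
! here is "inside" because that is the address being managed, even though
! the packets physically enter on "outside" inside the tunnel.
ssh 10.32.0.0 255.255.0.0 inside
ssh timeout 5

! A telnet line takes the same form, but telnet is cleartext; SSH is the
! better choice for remote management even across the VPN.
! telnet 10.32.0.0 255.255.0.0 inside
```

Keep the source netmask as narrow as the management hosts allow; a 255.255.0.0 mask is used here only because that is the subnet the crypto ACL already permits.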

That was it! Thanks.
