Cisco Support Community
New Member

Management-access pix command

Hi,

Can somebody explain the meaning of the pix command:

management-access inside

or

management-access outside

I read the command reference but it's not clear why this command is useful.

Does anybody know?

Regards,

chabral

3 REPLIES
New Member

Re: Management-access pix command

Silver

Re: Management-access pix command

For IPSec tunnels, you include the internal ip blocks in the crypto access lists - assume that 192.168.0.0/24 is in use at the remote site, and 192.168.0.1 is the inside interface of the remote pix. You cannot normally manage the pix by the ip address of the inside interface. This is especially troubling when the outside ip address is not included in the crypto access-lists (which is a good idea, as it may change, you might just not want it included, etc). To manage the remote pix, you then would either need to open ports in the firewall(s) to allow communication to the outside ip address, or adjust your crypto acl.

With the management access command, you can use the internal ip address for management purposes - ssh, snmp, etc. This is much cleaner to work with, as all mgmt traffic is included in the crypto acl that covers the entire site's internal netblock.

Imagine you have 10 remote sites:

1.2.3.4 192.168.1.1

2.3.4.5 192.168.2.1

3.4.5.6 192.168.3.1

4.5.6.7 192.168.4.1

5.6.7.8 192.168.5.1

12.34.45.56 192.168.6.1

23.34.45.56 192.168.7.1

34.45.56.67 192.168.8.1

45.56.67.78 192.168.9.1

123.234.123.234 192.168.10.1

with the first ip being the outside, and the 2nd being the inside - it is much easier to remember each site by the internal ip address, rather than the often random external ip address.

So, for both configuration, and ease of remembrance purposes, the management-access command is handy.
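
The setup described in the reply above, as an added configuration sketch for the remote pix (not part of the original post). It uses the reply's 192.168.0.0/24 remote site; the head-office management subnet 10.1.1.0/24, the names vpn-to-hq, hq-set and hqmap, and the peer placeholder are assumptions, and the ISAKMP policy and pre-shared key are omitted.

```cisco
! Crypto ACL covers only the internal netblocks of the two sites.
! The outside address of this pix is deliberately not in it.
access-list vpn-to-hq permit ip 192.168.0.0 255.255.255.0 10.1.1.0 255.255.255.0

! Do not translate traffic that goes through the tunnel.
nat (inside) 0 access-list vpn-to-hq

crypto ipsec transform-set hq-set esp-aes-256 esp-sha-hmac
crypto map hqmap 10 ipsec-isakmp
crypto map hqmap 10 match address vpn-to-hq
crypto map hqmap 10 set peer <hq-outside-ip>
crypto map hqmap 10 set transform-set hq-set
crypto map hqmap interface outside

! Let tunnel traffic terminate on the inside interface address
! (192.168.0.1), which is already matched by the crypto ACL above.
management-access inside

! Accept SSH on the inside interface only from the management subnet.
! No ssh statement is needed on the outside interface.
ssh 10.1.1.0 255.255.255.0 inside
```

With this in place the remote pix is reached over the tunnel at 192.168.0.1, and nothing has to be opened toward its outside address for management.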

New Member

Re: Management-access pix command

Now I see the point. I never had the case until now, but this is a "must have".

Thanks,

chabral
