Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
6
Replies

PIX telnet/ssh access across Lan2Lan VPN

Go to solution
steve.wadge
Level 1
Level 1

‎04-03-2003 02:20 AM - edited ‎02-21-2020 12:27 PM

Scenario multiple Lan-Lan IPSEC VPNs between PIX F/Ws.

I need to remotely access/manage these PIX's either via Telnet/SSH & would prefer to do across the VPN tunnel.

NB I've tried configuring telnet/ssh for both inside/outside from my source but don't see it hitting the PIX.

As the Tunnel is effectively inside-inside I'm trying to connect to the inside interface of the pIX.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to nsteup

‎04-03-2003 06:28 PM

You cna do this now in 6.3 code with the "management-access" command. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1137951 for details.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
chris.ames
Level 1
Level 1

‎04-03-2003 02:51 AM

Steve,

The only way I have achieved this in the past is to have a device, such as a PC running remote control software or a router, on the inside of the PIX that you can connect to, then initiate a telnet connection back to the PIX.

0 Helpful

Go to solution
nsteup
Level 1
Level 1

‎04-03-2003 04:03 AM

Put an entry into your crypto-acl on your local side like following:

access-list blabla permit ip "local LAN IP " mask host "outside remote pix IP"

and om the remote side like following:

access-list blabla permit ip host "outside remote pix IP" "LAN IP local" mask

allow telnet/ssh from your PC to the outside Interface

Altough it seemes to be insecure to telnet a PIX from outside, the traffic in fact is encrypted (I did a sniffer trace).

Hope this helps you

Regards Norbert

0 Helpful

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to nsteup

‎04-03-2003 06:28 PM

You cna do this now in 6.3 code with the "management-access" command. See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1137951 for details.

0 Helpful

Go to solution
steve.wadge
Level 1
Level 1
In response to gfullage

‎04-04-2003 07:05 AM

Works a treat. Thks.

0 Helpful

Go to solution
dsamaan
Level 1
Level 1

‎04-04-2003 07:38 AM

I'm having the same problem. My tunnel works , but I can't connect to the inside IP address via Telnet, haven't tried SSH. though.

Can you answer me a dumb question. It seems that my postings are not posting. I'm using the e-mail address of ' np-forums_subscriptions@external.cisco.com' to do the posting but they never get there. am I using the wrong e-mail address or method. Are postinging only allowed thru the web site?

0 Helpful

Go to solution
steve.wadge
Level 1
Level 1
In response to dsamaan

‎04-04-2003 07:45 AM

I've only posted via the website so I don't know about using email.

On the problem front upgrade to 6.3 has cured my problem.

0 Helpful
Customers Also Viewed These Support Documents