I have deployed several PIX501s and PIX506s, all connected via IPSec VPN to a 3005 Concentrator. I would like to telnet over the VPN tunnel directly to the PIX inside interface, but can't seem to make it work. Is there a way around this? Or what is a better way to manage and troubleshoot many remote PIXes? Right now I'm telnetting to a device beyond the remote PIX and telnetting back to the inside interface. But not all sites have a device I can telnet to and back to the PIX. Any hints? Thanks in advance.
You can use SSH to get to the outside interface of the remote PIXes or you can use PDM over the VPN tunnel to manage them. I have used both and prefer the command line interface with SSH. There is a document on how to use PDM on the CISCO web site. The URL is http://www.cisco.com/warp/public/110/pdm_vpntun.html.
Add your network via the telnet command. But as the other gentleman suggested, look up PIX Device Manager. It's a GUI management system that's great for multiple PIXes. There is not a lot of VPN stuff in it yet, but you will be able to do most of your day-to-day.
Remember, when you add the network for telnet, summarize it if it's not on the same network as the inside interface; otherwise it sees you as foreign.
I have the same problem. I want to get access to the PIX from inside. I've added the telnet command and it's still not working. Do I need to add some conduits? When the IPsec tunnel was created I created the conduits (conduit permit ip . for telnet: