Remote Access to Inside of PIX via VPN

Case Description: There is a PIX 501 firewall whose outside IP is assigned by a DHCP server, while the inside is static 192.168.1.1. There are two computers behind this firewall (inside), with private static IPs of 192.168.1.4 (Computer A) and 192.168.1.6 (Computer B), respectively. Now from Computer B, I go to its browser and enter http://192.168.1.1/startup.html, and the PDM is started up. This is right, because the PIX 501 (inside) and Computer B are on the LAN.

Now, let's do the same on a remote Computer C via VPN. First I connect Computer C to the PIX 501 via the already defined VPN. After the connection, from Computer C (remote), I go to its browser and enter http://192.168.1.1/startup.html. Guess what: the PDM never got launched. Why? Or did I configure anything wrong?

Thanks for the help.

Scott

(Here is how I understand the VPN. After the connection via VPN, my remote computer will become part of the LAN. Therefore theoretically, if I can use Computer B to launch the PDM, I could also launch the same from Computer C, too, i.e., I should be able to access the inside interface of the PIX. But it failed to do so.)

3 REPLIES

Re: Remote Access to Inside of PIX via VPN

HTTPS access to the PDM (PIX) via an IPSEC Tunnel

management-access mgmt_if

For example:

management-access inside

This allows PDM and Telnet access to the PIX's inside interface while connecting over an IPsec VPN tunnel.

Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1137951

Sincerely,

Patrick

Re: Remote Access to Inside of PIX via VPN

Thanks for the response.

1) The statement: management-access inside is to be issued from the CML. How can I do the same from the PDM's GUI interface? There should be an equivalent way of configuration from the PDM's GUI interface.

2) Suppose the management-access inside is issued. Now there is an Oracle Enterprise Manager installed on Computer A (with a private local IP of 192.168.1.4 as in the Case Description). Now I want to launch the tool from a remote PC via the VPN tunnel, so I'll enter http://192.168.1.4:5500/oem in the browser. Can I do this? Or do I have to do other configuration?

Thanks for the help.

Scott

Re: Remote Access to Inside of PIX via VPN

Sorry, but I rarely use the PDM to configure the PIX and I do not have one to check that at the moment. Please check the User's Guide under:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_support_series_home.html

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/index.html

Let us take a look at the following scenario.

Topology:

Host A / Network A(inside) -- PIX A--- (outside) VPN Tunnel --- PIX B ---(inside) Server B = 192.168.1.4 / Network B

Let's presume that the VPN tunnel is up and everything is working correctly.

a.) Host A should be able to connect to http://192.168.1.4:5500/oem on Server B.

If you have entered "management-access inside" on PIX B, you should be able to access the PDM from Host A.

Of course Network A and Network B have different IP networks; they cannot be in the same IP range.

Example: network A = 192.168.2.0/24

Example: network B = 192.168.1.0/24

Hope that helps.

Sincerely,

Patrick
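
The following fragment is an added example, not configuration posted by anyone in this thread. It shows, for PIX B in the scenario above, "management-access inside" together with the http and telnet source lists that decide who may actually reach the PDM or the console through the tunnel; it assumes remote hosts arrive from the example network A (192.168.2.0/24), and lines starting with ":" are annotations.

```cisco
: Constructed PIX 6.x fragment for PIX B (inside = 192.168.1.1).
: Assumption: tunnelled hosts are sourced from 192.168.2.0/24,
: the example "network A" given in the thread.

: Let traffic that arrived over the IPsec tunnel terminate on the
: inside interface address for management purposes.
management-access inside

: PDM is delivered by the PIX's built-in HTTPS server.
http server enable

: Too broad: any address that can reach the inside interface,
: including every host behind any tunnel, may try to log in.
: http 0.0.0.0 0.0.0.0 inside
: telnet 0.0.0.0 0.0.0.0 inside

: Tighter: list only the networks that should manage the firewall.
: Local LAN (network B) for PDM:
http 192.168.1.0 255.255.255.0 inside
: Remote network A, reached through the tunnel, for PDM and Telnet:
http 192.168.2.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
```

With "management-access inside" in place, every remote network that can bring up the tunnel can reach the management interface, so the http and telnet source lists are what limit who gets a login prompt.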
