Case Description: There is a PIX 501 firewall whose outside IP is assigned by a DHCP server, while the inside is static 192.168.1.1. There are two computers behind this firewall (inside), with private static IPs of 192.168.1.4 (Computer A) and 192.168.1.6 (Computer B), respectively. Now from Computer B, I go to its browser and enter http://192.168.1.1/startup.html, and the PDM starts up. This is right, because the PIX 501 (inside) and Computer B are on the LAN.
Now, let's do the same on a remote Computer C via VPN. First I connect Computer C to the PIX 501 via the already defined VPN. After the connection, from Computer C (remote), I go to its browser and enter http://192.168.1.1/startup.html. Guess what: the PDM never got launched. Why? Or was there any configuration I did wrong?
Thanks for the help.
(Here is what I understand about the VPN. After the connection via VPN, my remote computer will become part of the LAN. Therefore, theoretically, if I can use Computer B to launch the PDM, I could also launch the same from Computer C, too, i.e., I should be able to access the inside interface of the PIX. But it failed to do so.)
You cannot generally ping/telnet/ssh/http to a PIX interface from a host connected off another interface. From Computer B try browsing/pinging the PIX's outside interface; you won't be able to do it. This is the same as what you're trying to do with Computer C on the outside interface (even over a VPN) and getting to the inside interface.
Now, luckily, because we figured lots of people would have VPNs built to remote PIXs getting dynamic outside IP addresses, the developers added a command to allow you to get to the inside interface of a PIX, but only if you come in over a VPN. The command you want is:
Now you'll also need the "http ...." command, but I can't remember if you specify the inside or outside interface (you're actually connecting to the inside but coming from the outside), I think it's the inside if I remember correctly. Have a play around, but the management-access command will get you started anyway.
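As an added example (not the answerer's configuration) of the two pieces described above, here is a minimal PIX 6.x fragment for this scenario. It assumes a VPN client address pool of 192.168.2.0/24 (constructed for the example) and that the http statement names the inside interface, as the answer suggests.

```cisco
! Before: PDM (http://192.168.1.1/startup.html) is reachable only from the LAN.
! A VPN client arriving on the outside interface gets no answer from 192.168.1.1.
http server enable
http 192.168.1.0 255.255.255.0 inside

! After: permit management of the inside interface for traffic arriving over the IPsec tunnel.
! management-access only applies to VPN traffic; it does not expose the inside interface
! to cleartext hosts on the outside.
management-access inside
! Allow PDM only from the VPN client pool (assumed 192.168.2.0/24), still tied to the inside
! interface. Keep the mask narrow rather than opening http to 0.0.0.0 0.0.0.0.
http 192.168.2.0 255.255.255.0 inside
```

After applying, a client on the pool should reach the PDM at 192.168.1.1, while Computer C without the tunnel up still cannot, which is the behaviour to expect and verify.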