Cisco Support Community

New Member

Remote Access to Inside of PIX via VPN

Case Description: There is a PIX 501 firewall whose outside IP is assigned by a DHCP server, while the inside is static. There are two computers behind this firewall (inside), with private static IPs of (Computer A) and (Computer B), respectively. Now from Computer B, I go to its browser and enter, the PDM is started up. This is right, because the PIX 501 (inside) and Computer B are on the LAN.

Now, let's do the same on a remote Computer C via VPN. First I connect Computer C to the PIX 501 via an already defined VPN. After the connection, from Computer C (remote), I go to its browser and enter Guess what--the PDM never got launched. Why? Or did I configure anything wrong?

Thanks for the help.


(Here is how I understand the VPN. After the connection via VPN, my remote computer will become part of the LAN. Therefore, theoretically, if I can use Computer B to launch the PDM, I could also launch the same from Computer C, too, i.e., I should be able to access the inside interface of the PIX. But it failed to do so.)

Cisco Employee

Re: Remote Access to Inside of PIX via VPN

You cannot generally ping/telnet/ssh/http to a PIX interface from a host connected off another interface. From computerB try browsing/pinging the PIX's outside interface, you won't be able to do it. This is the same as what you're trying to do with computerC on the outside interface (even over a VPN) and getting to the inside interface.

Now, luckily, because we figured lots of people would have VPNs built to remote PIXes getting dynamic outside IP addresses, the developers added a command to allow you to get to the inside interface of a PIX, but only if you come in over a VPN. The command you want is:

management-access inside

Now you'll also need the "http ...." command, but I can't remember if you specify the inside or outside interface (you're actually connecting to the inside but coming from the outside), I think it's the inside if I remember correctly. Have a play around, but the management-access command will get you started anyway.
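
The two settings named in the reply above, as an added check that is not part of the original thread: this Python script reads a PIX configuration and reports what would still keep a given client from reaching PDM. The sample configuration, its addresses and the pool name are constructed, and the script assumes the `http` entry must name the same interface as `management-access`, a point the reply itself leaves open.

```python
import ipaddress

# Constructed sample: addresses and pool name are illustrative, not from the thread.
SAMPLE_CONFIG = """\
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpnpool 192.168.2.1-192.168.2.10
http server enable
http 192.168.1.0 255.255.255.0 inside
management-access inside
"""

def parse(config):
    """Collect the settings that decide whether PDM answers a client."""
    state = {"mgmt_if": None, "http_enabled": False, "http_acl": []}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["management-access"] and len(tok) == 2:
            state["mgmt_if"] = tok[1]
        elif tok == ["http", "server", "enable"]:
            state["http_enabled"] = True
        elif tok[:1] == ["http"] and len(tok) == 4:
            try:  # "http <network> <netmask> <interface>"
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
            except ValueError:
                continue  # not an address entry; ignore
            state["http_acl"].append((net, tok[3]))
    return state

def check_pdm_over_vpn(config, client_ip):
    """Return a list of problems; an empty list means nothing found is blocking."""
    s = parse(config)
    client = ipaddress.ip_address(client_ip)
    problems = []
    if not s["http_enabled"]:
        problems.append("http server is not enabled")
    if s["mgmt_if"] is None:
        problems.append("management-access is not set")
    # Assumption: the http entry must name the management-access interface.
    elif not any(client in net and ifc == s["mgmt_if"]
                 for net, ifc in s["http_acl"]):
        problems.append(f"no http entry permits {client} on {s['mgmt_if']}")
    return problems

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.2.5"):  # LAN host, VPN pool address
        print(ip, check_pdm_over_vpn(SAMPLE_CONFIG, ip) or "ok")
```

In the constructed sample the LAN host passes while the VPN pool address is reported, because the only `http` entry covers the inside LAN and not the pool.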
