I have a PIX 515 connecting to a VPN3015 via a site-to-site tunnel. All communication is working fine except I can't remotely connect to the inside interface via either SSH or SNMP. I have already configured the management-access inside for the PIX. SSH and SNMP work fine while you're on the same IP segment as the PIX firewall, but the moment you step across the tunnel you are denied.
I do not believe that you can access the pix's inside interface address via a packet arriving on the outside interface. What I would do is one of these:
1. Allow ssh and snmp requests to terminate on the outside interface of the pix.
2. Grant remote access from the outside to an internal terminal server. Then launch a session from the terminal server to the pix. This is what I call indirect management.
The 2nd way is more secure as you have to have access to an internal network device prior to accessing the pix. However the drawback is that it relies on the pix's internal interface to work properly.
But no matter what case you use, if you cannot access the AAA server that performs authentication, you may not create the vpn session to the 3015 anyway - thus the purpose of troubleshooting the pix from a remote location can be defeated under this circumstance. However if you have local user accounts created on the 3015 and the pix for this case, you may be able to configure the 3015 to handle two classes of users, similar to setting up two different vpngroups on the pix.
Let me know if this helps, or if you need more assistance.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...