crypto map 3005 10 set peer <vpn-concentrator public ip>
crypto map 3005 10 set transform-set konc3005
crypto map 3005 interface outside
isakmp enable outside
isakmp key ******** address <vpn-concentrator public ip> netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
telnet <Ip networks on main office>
All normal LAN2LAN traffic works fine; the users at the remote office can use network resources at the main office. BUT I want to be able to manage the PIX configurations from the main office. Right now I can't even ping the PIX inside interface from the concentrator GUI or any host on the main office LAN.
One thing that I have noticed is that the remote office LAN IP doesn't show up in the concentrator routing table (when the tunnel is up, of course). Maybe it should? But still, the normal LAN2LAN traffic initiated from the remote office LAN PCs to the main office servers works great...
I need to be able to telnet to the PIX from the main office. Of course the concentrator cannot initiate a tunnel because the PIX has dynamic IPs, but if I were able to communicate with the PIX and remote office PCs from the main office while the tunnel is already up, it would be great.
I have been told that this should be possible, but I can't find any information about what I am doing wrong. So please help me solve this problem, you gurus!
Can you ping the inside interface of the PIX from the main office when the tunnel is up?
If not, then you probably have a routing problem and you need to add a route on your main office network for each of the remote site subnets. This is usually as simple as adding a static route on your router inside the 3000, pointing the next hop to the 3000 private interface address, and then distributing those static routes into whatever routing protocol you're running.
If you can ping, then routing and connectivity are OK, and you probably have your "telnet" command in the PIX wrong. What interface have you specified in the "telnet" command? You don't show that in your config. I can't remember whether you have to put "inside" or "outside"; I did this about 6 months ago and remember having to play around with it some to get it working properly.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: