access remote PIX via LAN-LAN VPN

justinvo · ‎09-23-2002

Hi All,

Does anyone have any problems of accessing their remote PIX via the VPN or even remote PIX outside interface while the L2L VPN taken place ?

I'm currently having this problem. I can't ping nor SSH, PDM at all to the interfaces of the remote PIX although I can access hosts behind it.

My HW is VPN3015 with 3.5.2 at Central site and PIX 501 with 6.2(2) at remote site. Anyone can help or give me tips or even let me know how you manage your remote devices.

I need this quite desperately before rolling out up to 5 LAN-LAN VPN.

Thanks

Justin Vo

thisisshanky · ‎09-23-2002

This link might help:

http://www.cisco.com/warp/public/110/pdm_vpntun.html

Eventhough the above link, involves a VPN tunnel between 2 PIX firewalls (and in your case the tunnel is b/n a VPN 3015 and PIX) the basic idea behind the configuration is the same)

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

justinvo · ‎09-23-2002

I have already read this document and tried the concept but it still does not work. Once I get home, I will post the config of PIX. Hopefully someone can spot the problem.

Justin Vo

chlovell · ‎09-25-2002

lets say neta is a 10.1.1.0 and the outside interface of the pix is 12.1.1.1

netb is a 10.1.2.0 and the outside interface of 3015 is irrelevant

on neta pix you need to permit the outside interface to go to 10.1.2.0 or whatever host you need to have access pix for management. On the 3015 you must add a statement in network list to permit 10.1.2.0 to the neta pix outside interface