02-17-2003 07:46 PM - edited 02-20-2020 10:33 PM
What I want to set up is a LAN-to-LAN VPN connection between a PIX 501 and a VPN 3000 Concentrator. So far, I can get the VPN established and host-to-host connectivity is working. The only problem I have is that I would like to get a PC from the central office to access the internal interface of the PIX 501 (remote network).
I have strictly followed the documentation provided by TAC.
http://www.cisco.com/warp/customer/471/ALTIGA_pix.html
http://www.cisco.com/warp/customer/471/pix501506_vpn3k.html
PCB ---PIX-----Internet----VPN3000----PCA
I can get
* PCA can ping and telnet to PCB
* PCB can ping and telnet to PCA
* PCA can't ping or telnet to PIX 501's internal interface
The software version is PIX=6.22 and VPN3000=3.5.2
Please advise if this is possible and perhaps a solution for this problem.
Many thanks, much appreciated.
02-18-2003 07:27 AM
Hi,
I guess you want to manage the PIX from PCA, don't you? You have to define a VPN tunnel from PCA to the outside interface of the PIX. Then allow telnet or ssh or pdm access from PCA on interface outside. This seems to be insecure, but as far as I know, this is the only way to manage the PIX through a VPN tunnel.
Hope this helps
Norbert
02-20-2003 11:53 AM
Hi,
You cannot access the inside interface of the Pix through an IPSec tunnel. A couple of options:
1. You can telnet from PCA to PCB and then telnet from PCB to the inside of the Pix.
2. Add the outside IP address of the Pix to the interesting traffic. That is, network behind the VPN3000 to the outside IP address of the Pix. Again, this is for telnet access to the outside interface.
3. Configure SSH on the outside interface for remote management.
Regards,
Arul