Case Description: There is a PIX 501 firewall whose outside IP is assigned by a DHCP server, while the inside is static 192.168.1.1. There are two computers behind this firewall (inside), with private static IPs of 192.168.1.4 (Computer A) and 192.168.1.6 (Computer B), respectively. Now from Computer B, I go to its browser and enter http://192.168.1.1/startup.html, and the PDM starts up. This is right, because the PIX 501 (inside) and Computer B are on the LAN.
Now, let's do the same on a remote Computer C via VPN. First I connect Computer C to the PIX 501 via the already defined VPN. After the connection, from Computer C (remote), I go to its browser and enter http://192.168.1.1/startup.html. Guess what--the PDM never got launched. Why? Or is there any configuration I did wrong?
Thanks for the help.
(Here is what I understand about the VPN. After the connection via VPN, my remote computer will become part of the LAN. Therefore, theoretically, if I can use Computer B to launch the PDM, I could also launch the same from Computer C, too, i.e., I should be able to access the inside interface of the PIX. But it failed to do so.)
1) The statement "management-access inside" is to be issued from the CLI. How can I do the same from the PDM's GUI interface? There should be an equivalent way of configuring it from the PDM's GUI interface.
2) Suppose "management-access inside" is issued. Now there is an Oracle Enterprise Manager installed on Computer A (with a private local IP of 192.168.1.4 as in the Case Description). Now I want to launch the tool from a remote PC via the VPN tunnel, so I'll enter in the browser http://192.168.1.4:5500/oem. Can I do this? Or do I have to do other configuration?
The statement `management-access inside' is a configuration command that's applied to the PIX. It enables VPN users to have telnet and ping access to the PIX, as described in Cisco knowledge base article K17708166.
I needed this command when setting up a LAN to LAN tunnel between 2 sites, initially I was only using telnet to the PIX CLI.
Later I used PDM for ongoing management, so after reading the reply by Jackko and that KB article again I'm not sure if this command actually enabled PDM to work across the tunnel.
Now, this is interesting: not so long ago I tried to access the PDM via the L2L tunnel but had no luck, BUT when I enabled 'management-access inside' - BINGO! I could access PDM. So, not too sure on Jack Ko's answer, as he is saying that you don't need the keyword 'management-access inside'.
"assuming the remote vpn is working normally, http://192.168.1.4:5500/oem will work regardless of whether the command "management-access inside" is enabled or not.
the command "management-access inside" is merely used for managing the pix over ipsec."
i said that http://192.168.1.4:5500 will work regardless of the command "management-access inside". now http://192.168.1.4:5500 is an internal host, not the pix itself. and in the second paragraph, i pointed out that the command "management-access inside" is used for managing the pix.
would you please explain which part of my post went wrong? thanks in advance.
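For reference, here is the PIX CLI configuration the thread is talking about, written up as an added example rather than taken from any of the posts above. It assumes the inside addressing from the case description (192.168.1.0/24, inside interface 192.168.1.1) and a hypothetical VPN client address pool of 10.10.10.0/24 (the pool name "vpnpool" and that range are assumptions, not something the thread states). The point it shows: PDM is an HTTP service on the PIX, so a VPN client needs two things to reach it on the inside interface, the `management-access inside` command so that the inside interface answers management traffic arriving through the tunnel, and an `http` entry that permits the client's source address, which for a remote VPN client is its pool address, not a 192.168.1.x address.

```text
! --- Added example, not from the original thread. Addresses marked
! --- "assumed" are illustrative.

! Enable the PDM web server on the PIX.
http server enable

! Hosts on the LAN (192.168.1.0/24) may open PDM on the inside interface.
! This is what lets Computer B (192.168.1.6) reach http://192.168.1.1.
http 192.168.1.0 255.255.255.0 inside

! Remote VPN clients get an address from this pool (assumed range).
ip local pool vpnpool 10.10.10.1-10.10.10.50

! Without this line a VPN client's HTTP request to 192.168.1.1 is refused,
! because 10.10.10.x is not in the permitted list above.
http 10.10.10.0 255.255.255.0 inside

! Allow management traffic (PDM/HTTP, telnet, ping) that arrives over the
! IPsec tunnel to terminate on the inside interface address.
management-access inside

! Quick check of what is configured.
show http
```

Note what this does not affect: a request to an internal host such as http://192.168.1.4:5500/oem is ordinary tunnelled traffic to 192.168.1.4, not management traffic to the PIX, so it depends only on the VPN itself (crypto ACLs, no-NAT rules) and on the `http` and `management-access` lines above being absent or present makes no difference to it, which is the distinction drawn in the last reply.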