cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
884
Views
5
Helpful
3
Replies

Management-access pix command

l.cabral
Level 1
Level 1

Hi,

Can somebody explain the meaning of the pix command:

management-access inside

or

management-access outside

I red the command reference but it's not clear why this command is useful.

Somebody knows?

Regards,

chabral

3 Replies 3

athompson
Level 1
Level 1

mostiguy
Level 6
Level 6

For IPSec tunnels, you include the internal ip blocks in the crypto access lists - assume that 192.168.0.0/24 is in use at the remote site, and 192.168.0.1 is the inside interface of the remote pix. You cannot normally managed the pix by the ip address of the inside interface. This is especially troubling when the outside ip address is not included in the crypto access-lists (which is a good idea, as it may change, you might just not want it included, etc). To manage the remote pix, you then would either need to open ports in the firewall(s) to allow communication to the outside ip address, or adjust your crypto acl.

With the management access command, you can use the internal ip address for management purposes - ssh, snmp, etc. This is much cleaner to work with, as all mgmt traffic is included in the crypto acl that covers the entire site's internal netblock

Imagine you have 10 remote sites:

1.2.3.4 192.168.1.1

2.3.4.5 192.168.2.1

3.4.5.6 192.168.3.1

4.5.6.7 192.168.4.1

5.6.7.8 192.168.5.1

12.34.45.56 192.168.6.1

23.34.45.56 192.168.7.1

34.45.56.67 192.168.8.1

45.56.67.78 192.168.9.1

123.234.123.234 192.168.10.1

with the first ip being the outside, and the 2nd being the inside - it is much easy to remember each site by the internal ip address, rather than the often random external ip address.

So, for both configuration, and ease of remembrance purposes, the management-access command is handy

Now i see the point. I never had the case until now, but this is a "must have".

Thanks,

chabral

Review Cisco Networking for a $25 gift card