Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
3
Replies

PIX remote management

dougz
Level 1
Level 1

‎03-29-2005 11:51 AM - edited ‎02-21-2020 12:02 AM

Hello,

I am trying to configure remote management for a PIX 501 from my main office.

Here is the scenario:

Both PIX firewalls are running PIX OS 6.3(4) and PDM 3.0(2) software.

I have a static VPN tunnel between the main office and the remote site.

For illustration, the setup is as follows:

Main office firewall outside IP: 1.1.1.1

Main office firewall inside IP: 10.0.1.1

Remote office firewall outside IP: 1.1.1.2

Remote office firewall inside IP: 192.168.2.1

I have the command 'management-access inside' issued on the remote firewall and I can ping the firewall but I cannot open PDM on the remote firewall or telnet to it. Furthermore, I have telnet and http server access allowed to my firewall via the following commands:

telnet 10.0.0.0 255.0.0.0 outside

http 10.0.0.0 255.0.0.0 outside

Telnet and PDM work fine if I am on-site. What am I missing here?

Doug Zitzelsberger

dougz@lebanon-utilities.com

0 Helpful
3 Replies 3

Patrick Iseli
Level 7
Level 7

‎03-29-2005 12:19 PM

Have you tryed with this guide?

Accessing the PDM from an Outside Interface Over a VPN Tunnel:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml

sincerely

Patrick

0 Helpful

dougz
Level 1
Level 1
In response to Patrick Iseli

‎03-29-2005 02:40 PM

Ahh! I knew something like this existed; I just couldn't find it. Let me digest this and finish tomorrow. I'm 99.9% sure that this will solve the problem.

Thank you,

Doug.

0 Helpful

fedrodri
Level 1
Level 1

‎03-29-2005 12:41 PM

Hi, Doug

Yes, with the "management-access inside" statement you would be able to manage remotely the PIX, by telneting or accessing the PDM from the remote LAN, via the LAN2LAN VPN tunnel you've created. But, I believe that the correct statements are:

telnet 10.0.0.0 255.0.0.0 inside

http 10.0.0.0 255.0.0.0 inside

Even though the command reference specifically says that the "if_name" is the interface on which the host or network initiating the connection resides (like you have specify it), it does not seem to be the case for remote management over the VPN tunnels...

Hope that helps!

Federico Rodriguez

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card