PIX telnet to inside interface possible?

chuck_deng · ‎01-18-2002

I have deployed several PIX501s and PIX506s, all connected via IPSec VPN to a 3005 Concentrator. I would like to telnet over the VPN tunnel directly to the PIX inside interface, but can't seem to make it work. Is there a way around this? Or what is a better way to manage and troubleshoot many remote PIXes? Right now I'm telneting to a device beyond the remote PIX and telneting back to the inside interface. But not all sites have a device I can telnet to and back the PIX. Any hints? Thanks in advance.

--Chuck Deng

chuck_deng@woodteam.com

m-raft · ‎01-18-2002

Chuck,

You can use SSH to get to the outside interface of the remote PIXs or you can use PDM over the VPN tunnel to manage them. I have used both and prefer the command line interface with SSH. There is a document on how to use PDM on the CISCO web site. The url is http://www.cisco.com/warp/public/110/pdm_vpntun.html.

Hope that helps.

Mike

chuck_deng · ‎01-21-2002

Thanks. The SSH is working great.

--chuck

ajd · ‎01-20-2002

add your network via the telnet command. But as the other gentleman suggested look up PIX Device Manager. Its a GUI mgt system thats great for multiple pix's. There is not alot of VPN stuff in it yet, but you will be able to do most of your day to day.

remember when you add the network for telnet summarize it if its not on the same network as the the inside interface, otherwise it sees you as foreign.

-ne1secure?

chuck_deng · ‎01-21-2002

Thanks for your advise. I'll give it a try.

--chuck

dante-martins · ‎01-22-2002

I have the same problem . I wanna to get access to the PIX from inside. I've added the telnet command an still no working. Need I to add some conduits?? When the IPsec-tunnel was created I've created the conduits (conduit permit ip . for telnet:

telnet mask inside.

Some idea??

Dante