Remote access to server behind Pix firewall

Rex Biesty
Level 1

Hi

I need to give a remote support company access to a server behind our firewall. This company currently access 2 of our servers already by using public IP addresses which map to the servers' private IPs. Unfortunately we have no public IPs left to do this again so need to think of another solution.

I set them up with VPN client s/w and added the following commands to the firewall

name 10.10.253.253 Metalogic_Support_Host

ip local pool Metalogic_Pool 10.10.253.253-10.10.253.253 mask 255.255.255.255

vpngroup Metalogic_Support address-pool Metalogic_Pool

vpngroup Metalogic_Support default-domain ***WITHHELD***

vpngroup Metalogic_Support idle-time 1800

vpngroup Metalogic_Support password ***WITHHELD***

access-list acl_mdc_inside_nat0 permit ip host Server1 host Metalogic_Support_Host

access-list acl_mdc_inside_nat0 permit ip host Server2 host Metalogic_Support_Host

access-list acl_mdc_inside_nat0 permit ip host Server3 host Metalogic_Support_Host

This worked fine apart from disconnecting them from their LAN which causes problems for them.

Is there a way of keeping them connected to their LAN whilst the VPN connection is active and, if not, is there another way of me giving them access?

We have a Cisco Pix 515e running s/w version 6.3

Any help will be greatly appreciated

Thanks

Rex

3 Replies

cpembleton
Level 4

Turn on split tunneling. This should solve your problem. Create an ACL with the network/host you want to tunnel. Everything else will not be tunneled.

vpngroup Metalogic_Support split-tunnel Access_List_Name

Hope this helps!

Chad

Please rate if this helps!

Thanks for the reply Chad. When you say 'Create an ACL with the network/host you want to tunnel' do you mean the network that they are accessing remotely or the LAN on which they sit? Thanks.

An ACL for the networks on your side of the tunnel. Networks in the ACL will be routed over the VPN. Anything not in the ACL will go out the VPN client's normal interface.

Thanks,

Chad

Please rate if this helps!
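
The split-tunnel setup described in this thread, written out as an added example for the PIX 6.3 configuration in the original post (not posted by any participant). The ACL name Metalogic_Split is hypothetical; Server1, Server2, Server3, Metalogic_Support_Host and the Metalogic_Support group are the names from the original post, and the entries assume the same source/destination form as the existing nat0 entries (inside host first, VPN pool address second).

```cisco
: Added example. Metalogic_Split is a hypothetical ACL name.
: A dedicated ACL is used instead of reusing acl_mdc_inside_nat0, so that
: only the three supported servers are ever sent over the tunnel, even if
: the nat0 ACL carries other entries.
access-list Metalogic_Split permit ip host Server1 host Metalogic_Support_Host
access-list Metalogic_Split permit ip host Server2 host Metalogic_Support_Host
access-list Metalogic_Split permit ip host Server3 host Metalogic_Support_Host

: Bind the ACL to the existing VPN group. Traffic matching the ACL is
: tunneled; everything else leaves through the client's normal interface,
: so the support company stays connected to its own LAN.
vpngroup Metalogic_Support split-tunnel Metalogic_Split
```

With split tunneling enabled the support workstation is reachable from its own LAN and the Internet while the tunnel is up, so keeping the ACL to the three host entries limits what that workstation can reach on the inside.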
