Re: unable to connect to remote PIX from central network

justinvo · ‎09-23-2002

Hi all,

I have a VPN3015 at central site and a PIX501 at remote office. I have no problem of establishing LAN to LAN IPSec connection between two devices using either VPN client or the conventional way.

The problem is when the VPN is established, I can access any host behind the two devices but not the PIX itself. I need to access the remote PIX for future config changes.

I would like to know if this is possible or not and if anyone has done this successfully. I need to know this before rolling out about 5 remote sites.

The error

Much thanks

Justin Vo

mike-greene · ‎09-23-2002

Hi, SSH is the way to go.....

http://www.cisco.com/warp/public/110/authtopix.shtml#E

Hope this helps...

justinvo · ‎09-23-2002

Thanks for the tips.

Unfortunately this does not solve the problem. What I may have fogot to say is that I can't ping the interface at all nor access it via Telnet, PDM or SSH. Another I can get into the hosts behind PIX but not the PIX itself.

PIX version is 6.2(2) and VPN3015 is vpn3000-3.5.Rel-k9.bin

Is there any gotcha or ways of finding out why ?

thanks

Justin

mike-greene · ‎09-24-2002

Are you trying to ping the outside interface or the inside interface on the PIX? If your trying to ping the inside interface through the VPN tunnel that will not work. If you are unable to ping the outside interface and you know the site is up, you probably are not allowing icmp echo replys from the outside interface. The only way you can telnet to the outside interface of a PIX is through a VPN tunnel. This is much more confusing to setup then setting up SSH.