Solved: Re: Remote admin of a PIX running as VPN client

mikkle · ‎02-10-2004

Hi there,

I have a setup where a PIX501 works as a VPN-client up against my central VPN3000 concentrator (LAN-2-LAN mode with NAT-T).

The pix's outside interface is behind an ISP-managed firewall at the remote end, and it obtains it IP-address via DHCP.

So far so good. This setup works briliantly.

The problem is, that I can't ssh/telnet to the PIX's outside interface because of this setup.

Would it be possible to ssh/telnet to the remote pix's _inside_ interface?

I imagine some bidir NAT stuff, but I can't get it to work.

Any ideas?

:O) Mikkle

ciscoacs · ‎02-10-2004

this is possible by the commands:

management-access inside

this works fine as i have used it as long as inside interface is included in all crypto config

sam

View solution in original post

mostiguy · ‎02-10-2004

what do you have for ssh statements on the remote pix? generally the outside ip of the firewall is not included in the crypto map statements, so its traffic is not tunnelled.

ciscoacs · ‎02-10-2004

this is possible by the commands:

management-access inside

this works fine as i have used it as long as inside interface is included in all crypto config

sam

mikkle · ‎02-11-2004

You're right, it works!

That was the missing command.

Cheers!

:O) Mikkle