02-10-2004 05:37 AM
Hi there,
I have a setup where a PIX501 works as a VPN-client up against my central VPN3000 concentrator (LAN-2-LAN mode with NAT-T).
The pix's outside interface is behind an ISP-managed firewall at the remote end, and it obtains it IP-address via DHCP.
So far so good. This setup works briliantly.
The problem is, that I can't ssh/telnet to the PIX's outside interface because of this setup.
Would it be possible to ssh/telnet to the remote pix's _inside_ interface?
I imagine some bidir NAT stuff, but I can't get it to work.
Any ideas?
:O) Mikkle
Solved! Go to Solution.
02-10-2004 11:54 PM
this is possible by the commands:
management-access inside
this works fine as i have used it as long as inside interface is included in all crypto config
sam
02-10-2004 07:23 AM
what do you have for ssh statements on the remote pix? generally the outside ip of the firewall is not included in the crypto map statements, so its traffic is not tunnelled.
02-10-2004 11:54 PM
this is possible by the commands:
management-access inside
this works fine as i have used it as long as inside interface is included in all crypto config
sam
02-11-2004 12:26 AM
You're right, it works!
That was the missing command.
Cheers!
:O) Mikkle
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide