06-25-2003 07:17 AM - edited 02-21-2020 12:38 PM
How to configure the VPN client which is already been assigned local pool by the PIX VPN to use the PDM thru the outside interface?
ANy sample config.I tried it following Cisco website config but seems like it not working.Do I need to open any ssl ports on the PIX?
06-25-2003 08:02 AM
You can connect to the interal IP address of the Pix over a VPN tunnel using Pix 6.3+ by using this feature:
management-access inside
06-26-2003 03:30 AM
Whag if I 'm using 6.2?
06-26-2003 04:31 AM
Sounds strange, but you have to access PDM by the outside interface over the VPN tunnel.
Here's an example:
http://www.cisco.com/warp/customer/110/pdm_vpntun.html
6.3 is needed as mentioned to access the inside interface over the VPN tunnel. Prior to this, management traffic to the inside interface is not permitted by design. 6.3 allows for this default policy to be changed.
Hope this helps,
peter
06-27-2003 08:58 AM
Well,the example i had tried it b4 and is not working.
Is it mean the connected VPN client on the outside interface will not be able to use the PDM(GUI) if the PIX version is less than 6.3.
Or should I allow any SSL port to go thru from the outside interface.
06-28-2003 09:08 AM
I have tested with this configuration a Site to Site VPN and have successfully accessed the outside interface to use PDM without having to open the Pix to permit SSL in from all networks on the outside.
I have not tried the VPN client as you mention you are using.
If you did upgrade to 6.3 on the Pix, you will be able to turn on the management-interface and use PDM with success.
I will try with 6.2 and earlier to VPN to the outside with a VPN client and attempt to use PDM with the sample configuration provided.
peter
06-29-2003 12:00 PM
I tried a simple client VPN configuration with the above link you tried in mind.
I did not have success using PDM to the outside interface.
As expected, this link is useful if the VPN is Site to Site.
I would upgrade your PIX to 6.3 and give the management interface command a try. This command was implemented to satisfy needs such as yours.
Hope this info helps,
peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide