VPN client accessing PDM interface

ddicky
Level 1

How do I configure the VPN client, which has already been assigned a local pool by the PIX VPN, to use the PDM through the outside interface?

Any sample config? I tried it following the Cisco website config but it seems like it is not working. Do I need to open any SSL ports on the PIX?

6 Replies

shannong
Level 4

You can connect to the internal IP address of the Pix over a VPN tunnel using Pix 6.3+ by using this feature:

management-access inside

What if I'm using 6.2?

Sounds strange, but you have to access PDM by the outside interface over the VPN tunnel.

Here's an example:

http://www.cisco.com/warp/customer/110/pdm_vpntun.html

6.3 is needed as mentioned to access the inside interface over the VPN tunnel. Prior to this, management traffic to the inside interface is not permitted by design. 6.3 allows for this default policy to be changed.

Hope this helps,

peter

Well, I had tried the example before and it is not working.

Does it mean the connected VPN client on the outside interface will not be able to use the PDM (GUI) if the PIX version is less than 6.3?

Or should I allow any SSL port to go through from the outside interface?

I have tested with this configuration a Site to Site VPN and have successfully accessed the outside interface to use PDM without having to open the Pix to permit SSL in from all networks on the outside.

I have not tried the VPN client as you mention you are using.

If you did upgrade to 6.3 on the Pix, you will be able to turn on the management-interface and use PDM with success.

I will try with 6.2 and earlier to VPN to the outside with a VPN client and attempt to use PDM with the sample configuration provided.

peter

I tried a simple client VPN configuration with the above link you tried in mind.

I did not have success using PDM to the outside interface.

As expected, this link is useful if the VPN is Site to Site.

I would upgrade your PIX to 6.3 and give the management interface command a try. This command was implemented to satisfy needs such as yours.

Hope this info helps,

peter