Access to PIX PDM over vpn to inside interface

Discussion in 'Cisco' started by jimbob, Jun 30, 2006.

  1. jimbob

    jimbob

    Hello,

    I am wondering if somebody has already managed to set this up.

    Trying to get remote access to the PDM to manage a PIX.
    The PIX itself has a webserver in the DMZ that offers HTTPS,
    so that port (443) is already taken.
    So, in my browser, if I go to:

    https://the_outside_live_public_ip_address_of_the_pix

    this returns the dmz webserver.

    I thought of running the PDM on a different port
    but could not find a command to do that on the PIX.
    (I can get to the CLI remotely via SSH.)

    On the Cisco website there is a document
    called "Accessing the PDM from an Outside Interface Over a VPN Tunnel",
    which shows how to build a tunnel to the PIX and then get
    access to the PDM over this.

    However, this is just access to the outside interface as well.
    (I was able to build the tunnel successfully.)
    I am hoping to get access to the inside interface:

    1) Build the tunnel
    2) Then in my browser go to:
    https://The_private_inside_ip_address_of_the_pix

    Is there a reason why this would not be possible to do?

    Many thanks for any suggestions or pointers.

    Jimbob
     
    jimbob, Jun 30, 2006
    #1

  2. jimbob

    keshav

    Is your management interface set to inside or outside? I believe in version 6.3 you can access the PIX using only one management interface, either inside or outside.

    But version 7.0 supports managing the PIX from both interfaces.

    Can you post your config so that we can know whether your crypto ACLs for the VPN are OK?
     
    keshav, Jul 1, 2006
    #2

  3. jimbob

    jimbob

    Many thanks for your help.

    As I say, I just followed the setup on the Cisco
    web site:

    "Accessing the PDM from an Outside Interface Over a VPN Tunnel"

    http://www.cisco.com/en/US/products...s_configuration_example09186a0080094497.shtml

    This uses the following setup:

    [​IMG]

    The page says:
    "At this point, the PDM PC is able to go to https://10.1.1.2 and reach the PDM interface of PIX B over the VPN tunnel."

    However, I already use this address
    for a webserver in the DMZ.
    So I would like to get to the inside interface over the tunnel.
    That is:
    https://192.168.10.1

    (version 6.3 on the PIXes)

    Maybe this interface is only accessible from the inside LAN?
    Although, the inside LAN can usually access the
    PDM on the live address (which is kinda the reverse of what I'm
    trying to achieve).

    Thanks again for any suggestions.

    Maybe there is a more straightforward way to approach this issue
    (of getting to the PDM remotely when you already have a device
    on the inside of the PIX that is
    NATed to the outside interface address on port 443).

    Regards
    Jimbob
     
    jimbob, Jul 1, 2006
    #3