PIX and VPN

Status
Not open for further replies.

rtiv

IS-IT--Management
Mar 12, 2002
142
US
I have a PIX506 at one of my remote branch offices which is an endpoint for a VPN tunnel configured on my PIX520 at my main office. I have a few questions:

I would like to get SNMP working from the remote office. Is that possible where the VPN is configured to go out via the "outside" interface? How would I define an SNMP server on the remote PIX when that server IP address is a private 172.22.x.x address? Can that be done?

Also, I have the same situation when trying to define a TFTP server on the remote PIX to copy configs. Usually you have to define an interface in the command, and where the tunnel is configured via the outside interface, can I put a private address in?

Does any of this make sense?

Thanks a lot.

By the way, running 6.1(3) on both PIXes.
 
On your SNMP question.

On both of your PIX access-lists, you have the network specified to encrypt through the tunnel. So from the remote office, if you want to access anything at the main office, it will go through the tunnel.

Say the remote office network is 192.168.1.0 and the main office network is 172.22.1.0; your access-list on the PIX should have those networks permitted over the tunnel. So if you are trying to poll something from the remote network, all traffic designated for the remote network will go through the tunnel. So you can use a private IP address for the SNMP server.



 
rtiv, if I understand you correctly, you want to be able to TFTP and SNMP to your remote PIX, securely. What you can do is set up a new tunnel, which goes from PIX to PIX, but instead of having the remote inside network as the destination, you have the PIX external interface.
So, if you were to telnet to the remote PIX external interface, this would match the criteria and a tunnel would be built, thereby allowing secure telnet to the machine. This goes for SNMP and TFTP as well.
No idea where the docs are, I'm sure there's one labelled SNMP over VPN to PIX or something :)

cheers.
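
The two replies above, modelled as an added example that is not part of the original thread: it checks which flows a crypto access-list would send into the tunnel, first with only the LAN-to-LAN entry from the first reply, then with an extra entry for the remote PIX's outside interface as the second reply suggests. The outside address 203.0.113.2 and the server 172.22.1.50 are constructed values, and the example assumes that traffic generated by the PIX itself carries its outside interface address as source.

```python
"""Which flows match a crypto access-list (added example, constructed addresses)."""
from ipaddress import ip_address, ip_network

# Networks named in the first reply.
REMOTE_LAN = ip_network("192.168.1.0/24")
MAIN_LAN = ip_network("172.22.1.0/24")

# Assumed values, not from the thread.
REMOTE_PIX_OUTSIDE = ip_address("203.0.113.2")  # remote PIX outside interface
MGMT_SERVER = ip_address("172.22.1.50")         # SNMP/TFTP server, main office


def host(addr):
    """A single address as a /32 network, like a 'host' ACL entry."""
    return ip_network(f"{addr}/32")


def matches(acl, src, dst):
    """True if (src, dst) hits a permit entry, i.e. is encrypted into the tunnel."""
    return any(src in s and dst in d for s, d in acl)


def mirror(acl):
    """The peer's list must be the mirror image: source and destination swapped."""
    return [(d, s) for s, d in acl]


# First reply: only LAN-to-LAN traffic is selected for the tunnel.
LAN_ONLY = [(REMOTE_LAN, MAIN_LAN)]
# Second reply: also select traffic between the PIX outside interface and the main LAN.
WITH_PIX = LAN_ONLY + [(host(REMOTE_PIX_OUTSIDE), MAIN_LAN)]


def report():
    """Map each flow to (matches LAN_ONLY, matches WITH_PIX)."""
    flows = {
        "remote LAN host -> server": (ip_address("192.168.1.20"), MGMT_SERVER),
        "remote PIX itself -> server": (REMOTE_PIX_OUTSIDE, MGMT_SERVER),
    }
    return {name: (matches(LAN_ONLY, *f), matches(WITH_PIX, *f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (lan_only, with_pix) in report().items():
        print(f"{name}: lan-only list={lan_only}, with PIX entry={with_pix}")
```

Under that assumption, SNMP or TFTP traffic from the PIX to a private 172.22.x.x server is only protected once both peers carry the mirrored entry for the outside interface address.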

 