Pix-Site-to-Site VPN, no ping, pix-interfaces

[martinp05]

Hello!

I established a site-to-site vpn between a pix and a cisco-router. the vpn-works fine. All the protected networks can reach each other (within this vpn everything is configured with nonats).

but i am not able to ping the internal interfaces of the pixes through the vpn.
For example: i have one server behind the pix. From this server i want to reach (snmp,ping) one interface of the other pix (through the vpn).

has someone a solution or a tip?

best regards
martin

----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator

 

[LloydSev]

You are only able to ping the interface in which is facing you on a PIX. For example, your VPN connects to the "outside" interface, so you will not be able to ping the inside or DMZ interface.

Computer/Network Technician
CCNA

 

[martinp05]

Hello!

Thank you for your answere.
So if i want to monitor the firewall, i only can do this over the outside-interface.I can not monitor it through the vpn. I have to do this over the outside-interface with its public ip?

Martin

----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator

 

[LloydSev]

Yes, you can only ping the interface of which you are connected.

If you need to ping the inside interface.. then using a remote administration utility to get into a machine on the inside LAN would let you ping the inside interface.

Computer/Network Technician
CCNA

 

[martinp05]

hello,
ok, thank you.

martin

----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator

 

[lgarner]

If you can connect to one interface, you can monitor it all. If you want to know whether the other interfaces are up, you can use SNMP or ping the nearest connected device past the interface.