Telnet access to PIX across a VPN

[Balthal]

Hi,

I've got a setup where I have a PIX 515 at one site and a 506 at another site. The PIX are configured with a VPN tunnel that works perfectly.

The only problem I'm having is enabling telnet access on the 506 (inside address 10.2.0.1/16) so that I can connect to it from 515 network (inside address 10.1.0.1/16).

I think I've added the correct telnet and access list commands but they don't appear to be working (and I don't have them to hand at the mo )

Any help would be greatly appreciated.

TIA

 

[yizhar]

HI.

The pix will not let you access its own inside interface from the outside (including VPN tunnel), so you need to find the way to access the outside interface.

You can use SSH - This will give you management access even if the VPN tunnel does not work.

You can also use Telnet, just remember that you access the outside interface of the pix.
Here is a sample config:

(Add this on the 506)
telnet 10.1.0.0 255.255.0.0 outside
(Add this to the acl used for interesting VPN traffic on 506
access-list ??? permit host PIXOUTSIDE 10.1.0.0 255.255.0.0

(Add this to the acl used for interesting VPN traffic on 515
access-list ??? permit 10.1.0.0 255.255.0.0 host PIXOUTSIDE


See this document, just substitute PDM with TELNET:

http://www.cisco.com/warp/public/110/pdm_vpntun.html

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[Balthal]

Thanks for the info - I'll give it a try and see how it goes.