Can a PIX use a AAA server that is on the other side of its own IPSec tunnel?

This is what I have:

AAA Server (main office) PIX 515 PIX 501 Satellite office

My question is: can the PIX 501 use the AAA server through the tunnel? I have a couple of users that use the Cisco VPN client to connect to the 515 and get authenticated using the AAA server. But all the resources they use are in the Satellite office and I would like them to just establish the VPN to the 501.

Thanks,

Shahid

Reply to
shahidsheikh....com

In theory, yes. I believe I've seen a Cisco configuration example for that case (but I'm not sure I could find it now).

Reply to
Walter Roberson

Here is a Cisco example of passing SNMP and syslog over a PIX VPN tunnel.

See no reason why AAA could not use a similar setup.

Monitoring Cisco Secure PIX Firewall Using SNMP and Syslog Through VPN Tunnel


Reply to
Merv

Thanks for the replies. So far I have been unable to make it work. It works if I let the traffic go unencrypted between the remote PIX and the AAA server, but as soon as I add the respective source and destination IPs in my access list to be protected by the crypto map it quits working.

Will have to do some sniffing and troubleshooting to see what I'm doing wrong.

Thanks,

Shahid

Reply to
shahidsheikh....com

Have you tried with: management-access inside? Bye, Max.

Reply to
Tosh

Try using the capture command on the PIX closest to the AAA server to capture the AAA packets.

You can set up an access list to go along with the capture command so that the capture can be restricted to just the AAA packets.

Reply to
Merv
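
The capture suggested above, written out as an added example that is not part of the original thread. It assumes RADIUS on UDP 1645/1812 (the TACACS+ line covers TCP 49), an AAA server at the constructed address 10.1.1.10 behind the PIX 515 interface named inside, and the hypothetical names aaa_cap and aaacap. The access list matches on the server only, so the capture shows which source address the remote PIX's requests actually arrive with; that address is the one the crypto map access lists on both ends have to cover.

```cisco
: Run on the PIX 515 (the PIX closest to the AAA server).
: 10.1.1.10 is a constructed address for the AAA server.

: Requests toward the AAA server, any source, so the real
: source address of the PIX 501 shows up in the capture.
access-list aaa_cap permit udp any host 10.1.1.10 eq 1645
access-list aaa_cap permit udp any host 10.1.1.10 eq 1812
access-list aaa_cap permit tcp any host 10.1.1.10 eq 49

: Replies from the AAA server back toward the requester.
access-list aaa_cap permit udp host 10.1.1.10 eq 1645 any
access-list aaa_cap permit udp host 10.1.1.10 eq 1812 any
access-list aaa_cap permit tcp host 10.1.1.10 eq 49 any

: Capture only the matching packets on the inside interface,
: i.e. after decryption and before they reach the server.
capture aaacap access-list aaa_cap interface inside

: Trigger a login against the PIX 501, then inspect:
show capture aaacap
show capture aaacap detail

: Reading the result:
:  - nothing captured: the request never left the tunnel on
:    this side (crypto ACL mismatch or wrong source address)
:  - requests but no replies: the server is dropping them or
:    routing the answer somewhere other than back to this PIX
:  - requests and replies: the return path toward the PIX 501
:    is where to look next

: Remove the capture and its access list when finished.
no capture aaacap
no access-list aaa_cap
```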
