How to manage PIX through VPN?

Hi all,
PIX 7.0.2. I'd like to manage the PIX through the VPN. I tried specifying the inside interface while at the remote site, but it didn't work.
I thought to do as I already do for routers: specifying a "loopback" interface and doing a static NAT mapped onto an IP address belonging to the range specified for the VPN.
Usually on the routers I use the only subnet mask possible, 255.255.255.255.
Actually, on the PIX I have no loopback interface and I saw only ethernetX:Y interfaces. After enabling one of those (say 10.10.10.10/30), I'd add a static NAT between 10.10.10.10 and an IP belonging to the LAN beyond the PIX.
As I should do these changes through the tunnel (I'm using RDP to a machine beyond the PIX and from there I use ASDM), is this way the correct way?
TIA Alex.
Reply to
AM
I'm just sort of thinking out loud here, hopefully it helps.
You could create a new VPN group with one user (you), its own internal IP range (192.168.x.x or 10.x.x.x, whatever your PIX gives out to its clients directly behind it) and then set the admin interface to the inside interface and only allow connections from that VPN connection (with its one IP address). Then you could VPN in and SSH/HTTPS to your PIX.
This is sort of how I do it on my setup, except I only have a few clients behind my PIX (all trusted co-workers); they all get 192.168.x.x from my PIX 515e. I just set the admin interface to the inside and allow 192.168.x.x to be able to connect via SSH. So when I am out of the office I just VPN into the PIX, I get a 192.168.x.x address as if I were behind the PIX, and I am free to log in and administer it.
Reply to
Nicholas DePetrillo
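
An added example, not part of either post: a small Python check that a PIX 7.x configuration really limits management to the single admin VPN address described in the reply. It assumes "set the admin interface to the inside" corresponds to the PIX 7.x `management-access inside` command plus `ssh`/`http`/`telnet <ip> <mask> <interface>` permit lines; the sample config, the 192.168.50.10 address and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample config (not from the thread); addresses are placeholders.
SAMPLE_CONFIG = """\
management-access inside
http server enable
http 192.168.50.10 255.255.255.255 inside
ssh 192.168.50.10 255.255.255.255 inside
ssh 192.168.1.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
"""

def audit_mgmt_access(config, admin_net, mgmt_if="inside"):
    """Return (config line, finding code) pairs for management permit lines
    that go beyond the admin VPN address range on the chosen interface."""
    allowed = ipaddress.ip_network(admin_net)
    findings, mgmt_access_ok = [], False
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        # Needed to reach the inside interface through a tunnel that
        # terminates on another interface.
        if tok[:2] == ["management-access", mgmt_if]:
            mgmt_access_ok = True
        # Permit lines have exactly: <proto> <ip> <mask> <interface>
        if len(tok) != 4 or tok[0] not in ("ssh", "http", "telnet"):
            continue
        proto, addr, mask, ifname = tok
        try:
            src = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # four tokens, but not an address/mask pair
        if proto == "telnet":
            findings.append((line, "cleartext"))
        if ifname != mgmt_if:
            findings.append((line, "wrong-interface"))
        if not src.subnet_of(allowed):
            findings.append((line, "source-not-admin"))
    if not mgmt_access_ok:
        findings.append(("(missing)", "no-management-access"))
    return findings

if __name__ == "__main__":
    for line, code in audit_mgmt_access(SAMPLE_CONFIG, "192.168.50.10/32"):
        print(f"{code:22} {line}")
```

Passing the whole client range (for example a /24) as `admin_net` instead of a /32 checks the looser setup described in the second paragraph of the reply.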
