How to manage PIX through VPN?

Hi all,

PIX 7.0.2. I'd like to manage the PIX through the VPN. I tried specifying the inside interface being at the remote site but it didn't work. I thought to do as I already do for routers: specifying a "loopback" interface and doing a static NAT mapped onto an IP address belonging to range specified for the VPN. Usually in the routers I use the only subnet mask possible 255.255.255.255 Actually in the PIX I have no loopback interface and I saw only ethernetX:Y interfaces. After enabled one of those (say

10.10.10.10/30) I'd add a static nat between 10.10.10.10 and an IP belonging to LAN beyond the PIX. As I should do these changes through the tunnel (I'm using RDP to a machine beyond the PIX and from there I use ASDM) is this way the correct way?

TIA Alex.

inside interface being at the remote site

and doing a static NAT mapped onto an IP

interfaces. After enabled one of those (say

to LAN beyond the PIX.

beyond the PIX and from there I use ASDM) is

I'm just sort of thinking out loud here, hopefully it helps.

You could create a new VPN group with one user (you), it's own internal IP range (192.168.x.x or 10.x.x.x whatever your pix gives out to its clients directly behind it) and then set the admin interface to the inside interface and only allow connections from that VPN connection (with it's one IP address). Then you could VPN in and SSH/HTTPS to your PIX.

This is sort of how I do it on my setup except I only have a few clients behind my PIX (all trusted co-workers), they all get 192.168.x.x from my PIX 515e. I just set the admin interface to the inside and allow

192.168.x.x to be able to connect via SSH. So when I am out of the office I just VPN into the PIX, I get a 192.168.x.x address as if I were behind the PIX, and I am free to login and administer it.