We have a LAN-to-LAN VPN tunnel from a PIX in a branch office to a VPN concentrator on our network. We are basically extending our LAN to the branch! All the traffic that they generate goes into that tunnel and comes to us.
So everything generated from "130.1.x.x" going to "any" is put in the tunnel.
access-list VPN permit ip 130.1.0.0 255.255.0.0 any
In the opposite way, traffic from "any" coming to 130.1.x.x is expected to be encrypted and coming from the tunnel. If it is not - it's dropped!
I am not sure if that's what is happening to my ssh traffic, even though its destination is a 65.x.x.x address -> the outside IP of the PIX. I do have an ssh statement in the config allowing me to enter the outside port. Actually I have a telnet and ssh statement allowing me access to the inside interface as well, with no success! I was hoping that it would work like a router and let me in through the inside int even though I'm coming from the outside interface (through the tunnel), but it doesn't!
The only way I can get to the PIX is to telnet to a switch behind it and from the switch telnet back to the PIX inside interface.
Is there any way that I could get directly to the PIX without altering the VPN tunnel configuration?
Thanks, Todd