RE: How to manage the pix 501 remotely via telnet or pdm [7:52845]

[Paul Forbes]

Repeat after me, "the PIX is not a router." ;-)

In other words, the PIX has no concept of a source interface for
management traffic. Check your logs and you'll see...interesting
decisions by the PIX in response to your attempt. The easy, temporary
solution? Try 'ssh  255.255.255.255 outside'.

Perhaps longer term solutions to remote management lie somewhere within
the features of scp (a la IOS 12.2T), Easy VPN, Auto Update,
certificates and SSL-enabled PDM. Throw in a dash of SNMPv3 and we might
actually have a solution, but I'm afraid we're still going to need that
source-interface.

Cheers all.

Paul Forbes
Network Engineer
Trimble

> -----Original Message-----
> From: mindiani mindiani [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, September 06, 2002 2:20 PM
> To: [EMAIL PROTECTED]
> Subject: How to manage the pix 501 remotely via telnet or pdm 
> [7:52825]
> 
> 
> Hi  I just installed two PIX 501 with vpn tunnel over the 
> internet for my
> client and I would like to allow telnet and pdm from one site to the
> other. The tunnels are up and I able to send traffic in both 
> directions
> but I cannot telnet into the remote Pix from my PC.I tried 
> the following
> command: telnet 172.16.1.2  255.255.255.255 outside  This 
> command would
> not allow my PC (IP address172.16.1.2) to telnet to the 
> remote site but I
> am able to telnet to my servers behind the PIX. i have the 
> same problem
> with PDM. 
> 
> --------------------------------------------------------------
> ----------
> 
> Join the worlds largest e-mail service with MSN Hotmail. Click Here
> Report misconduct 
> and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52845&t=52845
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]