Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pix506e remote monitoring

Started by dfeller , May 13 2010 02:56 AM

  • Please log in to reply

#1
dfeller
Posted 13 May 2010 - 02:56 AM

dfeller

    Member

  • Member
  • PipPip
  • 65 posts
No - don't panic, this is not a professional inquiry. I'm a volunteer IT guy at my local Church. I happen to have a Pix506e lying around and thought I'd throw it in.
It is all up and running, VPN works, seems solid and firewall is functional.

What I would like to do is use PDM to access the "web based" monitor panel that is normally only accessible on the inside interface - remotely. Seems logical that I VPN in and then put in the IP address (as if I were inside) but when VPNd in, it cannot see the ip of the inside eth port. I'm missing a setting somewhere. Any Pix experts out there?

On a side note, the same PIX was pretty unstable - locking up randomly after 2 to 15 minutes - all ports, even console. It hadn't been powered up in at least 4 years prior to this week. So I opened it up, reseated the memory and processor, and it has now been stable all day. Any opinions on the reliability now (given this little information) or if it becomes a critical link in the network should I be throwing down $300 for a new one?

dfeller
  • 0

Advertisements

#2
dfeller
Posted 17 May 2010 - 08:21 AM

dfeller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Like so many things in life, I figured this one out. It seems strange to answer my own question, but in case this ever comes up again, now it is documented.

This kind of feels like writing something for a time capsule that no-one else will ever read -

So:
PIX issues:
Can't access Pix Device Manager when VPNd in from the outside -

Solution: Actually it took two:
1) Put the VPN "pool" in a different subnet (my main internal is 192.168.0.x and now the vpn internal pool is 192.168.10.x - AND I have allowed routes between the two - so VPNd in clients can see internal hosts
2) Although the http command must be issued to allow http access from both internal and vpnd hosts (http inside 192.168.0.0 255.255.255.0 and http inside 192.168.10.0 255.255.255.0) you also have to specifically tell the PIX to allow PDM access from the inside interface or it filters out the VPNd clients - although they now look like they are inside they are not and the pix know it. So you simply give it a management-access inside command

Name resolution - the second part of the issue, is only resolved if you are running a domain - the dns on the domain now runs internal name resolution as well (that all used to be the wins stuff but that dies off in favor of a single system) - so if all clients - even the vpnd ones use the internal DNS instead of - say googles open dns you should be able to resolve by hostname.

uh - that was fun.

dfeller
  • 0

#3
dfeller
Posted 17 May 2010 - 08:23 AM

dfeller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Ah - and the instability? Who knows, the thing had been sitting for 4 years (at least) without being powered on. So, I reset the bios (just like in a PC there is a jumper), removed, cleaned and reseated both the memory and processor, and all seems good now - has been running stable for over a week.

I've got the most secure easy chair around - the enterprise grade firewall is protecting only my laptop!

dfeller
  • 0
Back to Networking · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Hardware
  3. Networking

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP