Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pix506e remote monitoring


  • Please log in to reply

#1
dfeller

dfeller

    Member

  • Member
  • PipPip
  • 65 posts
No - don't panic, this is not a professional inquiry. I'm a volunteer IT guy at my local Church. I happen to have a Pix506e lying around and thought I'd throw it in.
It is all up and running, VPN works, seems solid and firewall is functional.

What I would like to do is use PDM to access the "web based" monitor panel that is normally only accessible on the inside interface - remotely. Seems logical that I VPN in and then put in the IP address (as if I were inside) but when VPNd in, it cannot see the ip of the inside eth port. I'm missing a setting somewhere. Any Pix experts out there?

On a side note, the same PIX was pretty unstable - locking up randomly after 2 to 15 minutes - all ports, even console. It hadn't been powered up in at least 4 years prior to this week. So I opened it up, reseated the memory and processor, and it has now been stable all day. Any opinions on the reliability now (given this little information) or if it becomes a critical link in the network should I be throwing down $300 for a new one?

dfeller
  • 0

Advertisements


#2
dfeller

dfeller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Like so many things in life, I figured this one out. It seems strange to answer my own question, but in case this ever comes up again, now it is documented.

This kind of feels like writing something for a time capsule that no-one else will ever read -

So:
PIX issues:
Can't access Pix Device Manager when VPNd in from the outside -

Solution: Actually it took two:
1) Put the VPN "pool" in a different subnet (my main internal is 192.168.0.x and now the vpn internal pool is 192.168.10.x - AND I have allowed routes between the two - so VPNd in clients can see internal hosts
2) Although the http command must be issued to allow http access from both internal and vpnd hosts (http inside 192.168.0.0 255.255.255.0 and http inside 192.168.10.0 255.255.255.0) you also have to specifically tell the PIX to allow PDM access from the inside interface or it filters out the VPNd clients - although they now look like they are inside they are not and the pix know it. So you simply give it a management-access inside command

Name resolution - the second part of the issue, is only resolved if you are running a domain - the dns on the domain now runs internal name resolution as well (that all used to be the wins stuff but that dies off in favor of a single system) - so if all clients - even the vpnd ones use the internal DNS instead of - say googles open dns you should be able to resolve by hostname.

uh - that was fun.

dfeller
  • 0

#3
dfeller

dfeller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Ah - and the instability? Who knows, the thing had been sitting for 4 years (at least) without being powered on. So, I reset the bios (just like in a PC there is a jumper), removed, cleaned and reseated both the memory and processor, and all seems good now - has been running stable for over a week.

I've got the most secure easy chair around - the enterprise grade firewall is protecting only my laptop!

dfeller
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP