Accessing DMZ through an SSL VPN

Unanswered Question
Feb 12th, 2007

Hello,

I set up WebVPN on an 1811 router. It works fine to access the LAN (10.1.114.0/24), but I am unable to join the DMZ (192.168.22.0/24), whereas it works if I am physically connected to the LAN, so I don't think it comes from my ACLs! I can't understand why... I guess something dealing with TCP sessions, not "recognized" properly when coming from the VPN? Here is the result of a "debug ip packet" from my SSL VPN connection to a mail server in the DMZ:

Feb 12 15:49:26.204: IP: tableid=0, s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), routed via FIB

Feb 12 15:49:26.204: IP: s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), g=192.168.22.7, len 48, forward

Feb 12 15:49:26.204: TCP src=2086, dst=25, seq=854948936, ack=0, win=65535 SYN

Feb 12 15:49:26.204: %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.168.22.7(25) -> 10.1.114.146(2086), 1 packet

Feb 12 15:49:26.204: IP: s=192.168.22.7 (Vlan22), d=10.1.114.146, len 48, access denied

Feb 12 15:49:26.204: TCP src=25, dst=2086, seq=2435898321, ack=854948937, win=5840 ACK SYN

thomas.chen Fri, 02/16/2007 - 12:55

The security appliance receives the packet and, because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA) and checks if you have applied a NAT policy.
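The debug output in the question shows a SYN being forwarded and the matching SYN-ACK being denied by access list 102. The following is an added example, not part of the original thread, that correlates such pairs in `debug ip packet` output; the function name `correlate` and the regular expressions are assumptions fitted to the line formats quoted in the question.

```python
import re

# Debug lines copied from the question in this thread.
SAMPLE = """\
Feb 12 15:49:26.204: IP: tableid=0, s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), routed via FIB
Feb 12 15:49:26.204: IP: s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), g=192.168.22.7, len 48, forward
Feb 12 15:49:26.204: TCP src=2086, dst=25, seq=854948936, ack=0, win=65535 SYN
Feb 12 15:49:26.204: %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.168.22.7(25) -> 10.1.114.146(2086), 1 packet
Feb 12 15:49:26.204: IP: s=192.168.22.7 (Vlan22), d=10.1.114.146, len 48, access denied
Feb 12 15:49:26.204: TCP src=25, dst=2086, seq=2435898321, ack=854948937, win=5840 ACK SYN
"""

# Patterns are assumptions based only on the lines above.
IP_RE = re.compile(r"IP: s=([\d.]+)(?: \(\w+\))?, d=([\d.]+).*?(forward|access denied)\s*$")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+),.*win=\d+ ([A-Z ]+?)\s*$")
DENY_RE = re.compile(r"IPACCESSLOGP: list (\S+) denied tcp ([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)")


def correlate(log_text):
    """Return ACL denies that hit the reply direction of a forwarded SYN."""
    forwarded_syns = set()  # (src, sport, dst, dport) of SYNs that were forwarded
    denies = []             # (acl, src, sport, dst, dport) from IPACCESSLOGP
    pending = None          # last IP line, waiting for its TCP detail line
    for line in log_text.splitlines():
        if m := DENY_RE.search(line):
            acl, src, sport, dst, dport = m.groups()
            denies.append((acl, src, int(sport), dst, int(dport)))
        elif m := IP_RE.search(line):
            pending = m.groups()
        elif (m := TCP_RE.search(line)) and pending:
            src, dst, verdict = pending
            # Only a bare SYN opens a session; SYN-ACK and later segments are replies.
            if verdict == "forward" and set(m.group(3).split()) == {"SYN"}:
                forwarded_syns.add((src, int(m.group(1)), dst, int(m.group(2))))
            pending = None
    findings = []
    for acl, src, sport, dst, dport in denies:
        # A deny whose reversed 4-tuple matches a forwarded SYN is blocked return traffic.
        if (dst, dport, src, sport) in forwarded_syns:
            findings.append({"acl": acl, "client": f"{dst}:{dport}", "server": f"{src}:{sport}"})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE):
        print(f"ACL {f['acl']} drops replies from {f['server']} to {f['client']}")
```

A finding means the outbound path is permitted while the reply direction is filtered, so the access list named in the finding is the place to look.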
