Accessing DMZ through a SSL VPN

Unanswered Question
Feb 12th, 2007


I set up WebVPN on a 1811 router. It works fine to access the LAN (, but I am unable to join the DMZ (, whereas it works if I am physically connected to the LAN, so I don't think it comes from my ACLs! I can't understand why... I guess it is something dealing with TCP sessions not being "recognized" properly when coming from the VPN? Here is the result of a "debug ip packet" from my SSL VPN connection to a mail server in the DMZ:

Feb 12 15:49:26.204: IP: tableid=0, s= (local), d= (Vlan22), routed via FIB

Feb 12 15:49:26.204: IP: s= (local), d= (Vlan22), g=, len 48, forward

Feb 12 15:49:26.204: TCP src=2086, dst=25, seq=854948936, ack=0, win=65535 SYN

Feb 12 15:49:26.204: %SEC-6-IPACCESSLOGP: list 102 denied tcp ->, 1 packet

Feb 12 15:49:26.204: IP: s= (Vlan22), d=, len 48, access denied

Feb 12 15:49:26.204: TCP src=25, dst=2086, seq=2435898321, ack=854948937, win=5840 ACK SYN

thomas.chen Fri, 02/16/2007 - 12:55

The security appliance receives the packet and, because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA) and checks if you have applied a NAT policy.
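One way to read the "debug ip packet" output in the question is to pair every dropped packet with its TCP detail line and the ACL that logged the drop. The script below is an added example, not part of the original thread; it assumes each "IP:" line is followed by the TCP line for the same packet, and the addresses in the sample are constructed placeholders because the post's own addresses are missing.

```python
import re

# Constructed sample modelled on the thread's debug output; the addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE = """\
Feb 12 15:49:26.204: IP: tableid=0, s=192.0.2.10 (local), d=198.51.100.25 (Vlan22), routed via FIB
Feb 12 15:49:26.204: IP: s=192.0.2.10 (local), d=198.51.100.25 (Vlan22), g=198.51.100.25, len 48, forward
Feb 12 15:49:26.204:     TCP src=2086, dst=25, seq=854948936, ack=0, win=65535 SYN
Feb 12 15:49:26.204: %SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.25(25) -> 192.0.2.10(2086), 1 packet
Feb 12 15:49:26.204: IP: s=198.51.100.25 (Vlan22), d=192.0.2.10, len 48, access denied
Feb 12 15:49:26.204:     TCP src=25, dst=2086, seq=2435898321, ack=854948937, win=5840 ACK SYN
"""

ACL_RE = re.compile(r"%SEC-6-IPACCESSLOGP: list (\S+) denied")
IP_RE = re.compile(r"IP: s=(\S*) \((\S+)\), d=([^\s,]*).*?, (forward|access denied)\s*$")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+),.*?win=\d+ (.+)$")

def classify(flags):
    """Describe a TCP segment by its flags, to tell requests from replies."""
    if flags == {"SYN"}:
        return "new connection attempt"
    if {"SYN", "ACK"} <= flags:
        return "reply to a connection opened from the other side"
    return "mid-session segment"

def denied_packets(log):
    """Return one dict per dropped packet: ACL, ingress interface, ports, flags."""
    results, acl, pending = [], None, None
    for line in log.splitlines():
        if m := ACL_RE.search(line):
            acl = m.group(1)              # the ACL log line precedes the drop
        elif m := IP_RE.search(line):
            pending = None                # forwarded packets are not reported
            if m.group(4) == "access denied":
                pending = {"acl": acl, "in_if": m.group(2),
                           "src": m.group(1), "dst": m.group(3)}
            acl = None
        elif (m := TCP_RE.search(line)) and pending:
            flags = set(m.group(3).split())
            pending.update(sport=int(m.group(1)), dport=int(m.group(2)),
                           flags=flags, kind=classify(flags))
            results.append(pending)
            pending = None
    return results

if __name__ == "__main__":
    for pkt in denied_packets(SAMPLE):
        print(pkt)
```

Run against output shaped like the post's, it reports a single drop: the SYN-ACK from port 25 arriving on Vlan22, logged by list 102, while the initial SYN was forwarded.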

