query regarding vpn site to site and dmz access

monkeyboy
Level 1

Hello, we need to access our extranet DMZ remotely via VPN and are having some problems getting this to work.

The endpoints of the VPN are two PIXes - one of which has the extranet DMZ residing on it (see attached diagram).

The VPN is set up fine and can pass traffic site-to-site OK. The problem is when we try from the remote end to reach a network off the DMZ - we get traffic encrypted but none coming back.

I presume this can be done, but is there any special config to do this - same security etc.?

Any help would be much appreciated

cheers

2 Replies

acomiskey
Level 10

In your London PIX, you need to have the DMZ as part of your interesting traffic ACL as well as a nat (DMZ) 0 ACL, just like you did for your inside networks.

access-list DMZ_nat0_outbound permit ip <dmz-network> <dmz-mask> <remote-network> <remote-mask>

nat (DMZ) 0 access-list DMZ_nat0_outbound

one more thing to muddy the waters a little

The end server does not reside on the DMZ - rather, the router that allows access to it does (as I say, it's a partner network).

We policy-PAT connections on the London firewall going out to the destination.

Would this have an impact on the nat 0 needed for IPsec?

many thanks
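One way to lay out the London PIX configuration that acomiskey's reply describes, with the partner network behind the DMZ router and the policy PAT from the follow-up question both covered. This is an added example, not a configuration from the thread; all addresses, the ACL and crypto map names (VPN_TRAFFIC, PARTNER_PAT, inside_nat0_outbound, VPNMAP) and the PIX 6.3 syntax are assumptions.

```cisco
! Added example (not from the thread), PIX 6.3 syntax, constructed addresses:
!   remote site            192.168.10.0/24   (behind the remote PIX, peer 203.0.113.2)
!   London inside          10.1.0.0/24
!   extranet DMZ           10.2.0.0/24       (DMZ router at 10.2.0.1)
!   partner network        172.16.50.0/24    (behind the DMZ router)

! 1. Interesting (crypto) traffic: inside, DMZ and the partner network behind
!    the DMZ router must all be matched, or replies from them are never encrypted.
access-list VPN_TRAFFIC permit ip 10.1.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN_TRAFFIC permit ip 10.2.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN_TRAFFIC permit ip 172.16.50.0 255.255.255.0 192.168.10.0 255.255.255.0

! 2. NAT exemption on the inside interface (what the original poster already had).
access-list inside_nat0_outbound permit ip 10.1.0.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound

! 3. The same exemption on the DMZ interface. The partner network is reached
!    through the DMZ router, so it is listed here as well; without a translation
!    for these DMZ-side networks the PIX drops the decrypted outside->DMZ packets.
access-list DMZ_nat0_outbound permit ip 10.2.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list DMZ_nat0_outbound permit ip 172.16.50.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (DMZ) 0 access-list DMZ_nat0_outbound

! 4. Policy PAT for London inside hosts talking to the partner network.
!    NAT exemption (nat 0 access-list) is evaluated before policy NAT on PIX 6.3,
!    so the VPN-bound flows in steps 2 and 3 are never translated by this rule.
access-list PARTNER_PAT permit ip 10.1.0.0 255.255.255.0 172.16.50.0 255.255.255.0
nat (inside) 2 access-list PARTNER_PAT
global (DMZ) 2 10.2.0.254

! 5. Route to the partner network via the DMZ router.
route DMZ 172.16.50.0 255.255.255.0 10.2.0.1 1

! 6. Crypto map on the outside interface; decrypted traffic bypasses interface ACLs.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address VPN_TRAFFIC
crypto map VPNMAP 10 set peer 203.0.113.2
crypto map VPNMAP 10 set transform-set ESP-3DES-SHA
crypto map VPNMAP interface outside
sysopt connection permit-ipsec
```

The remote PIX needs the mirror image of VPN_TRAFFIC (its crypto ACL must include the DMZ and partner networks as destinations), and the partner router must have a route for 192.168.10.0/24 pointing back at the PIX DMZ interface; either one missing produces the "encrypted out, nothing back" symptom described above.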
