Site to Site VPN allowing access to Citrix Server

Unanswered Question
May 26th, 2007
User Badges:

Hi NetPro

Trying to setup a Site to Site VPN to allow remote site access to the DMZ, checked Site could not find any Sample configuration using the "command line" any pointer on the Site or Sample configs will be appreciated.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
b.hsu Thu, 05/31/2007 - 11:09
User Badges:
  • Silver, 250 points or more

First configure NAT. After this the access-list x has to allow traffic comming from the dmz network to the remote site. example:

dmz net:

remote net:

Our acls must be

access-list nonat_dmz permit ip

nat (dmz) 0 access-list nonat_dmz

Then the sysopt connection permit-ipsec, is to allow traffic comming from outside to our inside networks.

sysopt connection permit-ipsec:

Implicitly permit any packet that came from an IPSec tunnel and bypass the checking of an associated access-list, conduit, or access-group command statement for IPSec connections.


This Discussion