
Site to Site VPN allowing access to Citrix Server

hashng
Level 1

Hi NetPro

Trying to set up a Site to Site VPN to allow remote site access to the DMZ. Checked the cisco.com site, could not find any sample configuration using the "command line". Any pointers to the site or sample configs will be appreciated.

Regards

Hash

2 Replies

b.hsu
Level 5

First configure NAT. After this, the access-list x has to allow traffic coming from the DMZ network to the remote site. Example:

dmz net: 10.20.30.0

remote net: 10.20.40.0

Our acls must be

access-list nonat_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0

nat (dmz) 0 access-list nonat_dmz

Then the sysopt connection permit-ipsec is to allow traffic coming from outside to our inside networks.

sysopt connection permit-ipsec:

Implicitly permit any packet that came from an IPSec tunnel and bypass the checking of an associated access-list, conduit, or access-group command statement for IPSec connections.

Along with nat exemption, you must also add the interesting traffic to your crypto acl on both devices.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806a5cea.shtml
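
An added example, not part of the replies above or of Cisco's documentation: because sysopt connection permit-ipsec lets tunnelled traffic bypass interface ACLs, the crypto ACL is what bounds access to the DMZ, so this Python check confirms that the NAT-exemption ACL and the crypto ACL agree and that the peer's crypto ACL is the exact mirror image. The ACL names crypto_dmz, nonat_in and crypto_in and the whole remote-side config are assumptions; only the two subnets and nonat_dmz come from the thread.

```python
import ipaddress
import re

# Constructed sample configs. Only the two subnets and "nonat_dmz" appear in the
# thread; the other ACL names and the remote-side config are assumptions.
LOCAL_CFG = """\
access-list nonat_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0
access-list crypto_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz
"""
REMOTE_CFG = """\
access-list nonat_in permit ip 10.20.40.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list crypto_in permit ip 10.20.40.0 255.255.255.0 10.20.30.0 255.255.255.0
nat (inside) 0 access-list nonat_in
"""

# Only the "network mask network mask" form is parsed; "any"/"host" entries are skipped.
ACE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")

def parse_acl(cfg, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in cfg.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def audit(local_cfg, remote_cfg, local_nonat, local_crypto, remote_crypto):
    """List mismatches between NAT exemption and crypto ACLs on both peers."""
    findings = []
    nonat = parse_acl(local_cfg, local_nonat)
    crypto = parse_acl(local_cfg, local_crypto)
    peer = parse_acl(remote_cfg, remote_crypto)
    for src, dst in crypto - nonat:
        findings.append(f"encrypted but not NAT-exempt: {src} -> {dst}")
    for src, dst in nonat - crypto:
        findings.append(f"NAT-exempt but not in crypto ACL: {src} -> {dst}")
    mirrored = {(dst, src) for src, dst in peer}  # peer ACL seen from the local side
    for src, dst in crypto ^ mirrored:
        findings.append(f"crypto ACLs are not mirror images: {src} -> {dst}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(LOCAL_CFG, REMOTE_CFG, "nonat_dmz", "crypto_dmz", "crypto_in"):
        print(finding)
```

An empty result means the three ACLs are consistent; a wider entry on either peer shows up as a mirror-image mismatch.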