VPN and DMZ issue

Answered Question
Jun 29th, 2007

I have an ASA 5510 that has remote access VPN service enabled. Users are able to log on and access inside resources no problem. The issue is the DMZ servers, like the web server, which they cannot access. Is there an easy way to allow this access for VPN users?



Thanks

Overall Rating: 5 (1 ratings)
acomiskey Fri, 06/29/2007 - 07:24

You need to add nat exemption for the dmz as you did for the inside.


access-list dmz_nonat extended permit ip any

nat (dmz) 0 access-list dmz_nonat


Please rate helpful posts.

Correct Answer
acomiskey Fri, 06/29/2007 - 07:31

That will allow you to hit your dmz servers. For instance if the dmz is 192.168.1.0, you can hit the servers by their dmz addresses 192.168.1.x etc.


Your other option is to use split tunneling which would allow you to access the servers via their public ip addresses which are translated in the ASA.
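
The NAT exemption from the replies above, written out with both a source and a destination, as an added example that is not part of the original posts. The VPN pool 10.99.0.0/24 and the two host addresses are constructed values; the pre-8.3 `nat 0` syntax matches the thread, and `packet-tracer` assumes ASA software 7.2 or later.

```cisco
! Added example, not from the thread. Constructed values:
!   DMZ subnet       192.168.1.0/24  (the thread's "for instance" value)
!   VPN client pool  10.99.0.0/24    (hypothetical; substitute your own pool)
!   DMZ web server   192.168.1.10    (hypothetical)
!   VPN client       10.99.0.5       (hypothetical)
!
! Broad form (source "any"): exempts everything arriving on the dmz
! interface that is destined for the VPN pool. Shown for comparison only.
!   access-list dmz_nonat extended permit ip any 10.99.0.0 255.255.255.0
!
! Scoped form: exempts only the DMZ subnet talking to the VPN pool, so any
! other source routed through the dmz interface is still translated.
access-list dmz_nonat extended permit ip 192.168.1.0 255.255.255.0 10.99.0.0 255.255.255.0
!
! Bind the ACL as a NAT exemption (NAT ID 0) on the dmz interface,
! mirroring the exemption that already exists for the inside interface.
nat (dmz) 0 access-list dmz_nonat
!
! Checks:
! 1. Confirm the exemption is bound to the dmz interface.
show running-config nat
! 2. Trace a reply from the web server toward a VPN client and look for
!    a NAT-EXEMPT phase in the output.
packet-tracer input dmz tcp 192.168.1.10 80 10.99.0.5 1025 detailed
```

NAT exemption only stops the ASA from translating this traffic; which DMZ hosts and ports VPN users can reach is still decided by the access policy applied to the VPN sessions.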
