I'm trying to set up an SSL VPN box within a DMZ using a PIX 515.
Basically I've set up the SSL box with a DMZ IP and NAT'd this to an external IP. I've put the following ACLs in:
access-list INCOMING permit tcp any object-group SSL_BOX object-group WEB_BROWSING_PORTS
access-list DMZ permit tcp host 172.17.1.100 object-group INTRANET_SERVERS eq www
access-list DMZ permit tcp host 172.17.1.100 object-group DOMAIN_CTRLRS object-group DC_PORTS
access-list DMZ permit tcp host 172.17.1.100 object-group CITRIX_SERVERS object-group CITRIX_PORTS
access-list DMZ deny ip any any
However, I can get to the SSL box externally, but it's not passing from there to the internal LAN.
I've done a show ACL DMZ, but the hit count on all entries is 0. Is there a way I can troubleshoot this to see where it's getting held up? I've tried viewing on a SYSLOG server with a DEBUG ACL but it's not helping much.
Any help much appreciated.