allow VPN traffic on DMZ

Unanswered Question
Sep 1st, 2007
User Badges:

i was wondering if i could allow my DMZ network to be accessed by my remote LAN... I currently have a IPSEC VPN tunnel on my local lan to my remote office's local lan. now my currently need is to enable my remote office's local lan to access the dmz.

is this possible? if it is, possible, how do i go about it? would it be okay just to add another local lan network on my current tunnel and add another remote lan on my remote office's network?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
acomiskey Sun, 09/02/2007 - 07:07
User Badges:
  • Green, 3000 points or more


Simply add the new interesting traffic to your crypto acl and nat exemption acls.

DMZ Side

access-list permit ip

access-list nat0dmz permit ip

nat (dmz) 0 access-list nat0dmz

Remote Side

access-list permit ip

access-list nat0inside permit ip

nat (inside) 0 access-list nat0inside

Hope this helps.

Please rate helpful posts.

brianbono Sun, 09/02/2007 - 16:48
User Badges:

thanks a lot for validating my doubts :) i may have a slight problem with the remote vpn termination, since it is not a cisco firewall, it cannot support more than one remote/local lan on the vpn tunnel.

again, thanks for helping out.


This Discussion