09-01-2007 05:11 AM - edited 03-11-2019 04:05 AM
I was wondering if I could allow my DMZ network to be accessed by my remote LAN... I currently have an IPsec VPN tunnel on my local LAN to my remote office's local LAN. Now my current need is to enable my remote office's local LAN to access the DMZ.
Is this possible? If it is possible, how do I go about it? Would it be okay just to add another local LAN network on my current tunnel and add another remote LAN on my remote office's network?
Thanks
09-02-2007 07:07 AM
Brian,
Simply add the new interesting traffic to your crypto ACL and NAT exemption ACLs.
DMZ Side
access-list
access-list nat0dmz permit ip
nat (dmz) 0 access-list nat0dmz
Remote Side
access-list
access-list nat0inside permit ip
nat (inside) 0 access-list nat0inside
Hope this helps.
Please rate helpful posts.
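The answer above depends on the crypto ACL entries being mirrored on both peers and on each entry having a matching NAT exemption. The following is an added example, not part of the original posts: a Python audit over two constructed PIX/ASA 7.x-style configs. The ACL names, crypto map name and subnets are assumptions, and only `permit ip` entries written as network/mask pairs are parsed.

```python
import ipaddress
import re
# Constructed sample configs; every name and subnet below is an assumption.
HQ_CONFIG = """
access-list vpn_to_branch extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list vpn_to_branch extended permit ip 172.16.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nat0inside extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nat0dmz extended permit ip 172.16.10.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nat0inside
nat (dmz) 0 access-list nat0dmz
crypto map outside_map 10 match address vpn_to_branch
"""
BRANCH_CONFIG = """
access-list vpn_to_hq extended permit ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nat0inside extended permit ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nat0inside
crypto map outside_map 10 match address vpn_to_hq
"""
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def parse(config):
    """Return (crypto pairs, NAT-exempt pairs) as sets of (src_net, dst_net)."""
    acls = {}
    for name, s, sm, d, dm in ACE.findall(config):
        pair = (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
        acls.setdefault(name, set()).add(pair)
    crypto_names = re.findall(r"^crypto map \S+ \d+ match address (\S+)$", config, re.M)
    nat0_names = re.findall(r"^nat \(\S+\) 0 access-list (\S+)$", config, re.M)
    crypto = set().union(*(acls.get(n, set()) for n in crypto_names))
    nat0 = set().union(*(acls.get(n, set()) for n in nat0_names))
    return crypto, nat0

def audit(local_cfg, remote_cfg):
    """List crypto ACL entries lacking a mirrored peer entry or a NAT exemption."""
    findings = []
    l_crypto, l_nat0 = parse(local_cfg)
    r_crypto, r_nat0 = parse(remote_cfg)
    for side, crypto, nat0, peer in (("local", l_crypto, l_nat0, r_crypto),
                                     ("remote", r_crypto, r_nat0, l_crypto)):
        for src, dst in sorted(crypto, key=str):
            if (dst, src) not in peer:
                findings.append(f"{side}: {src} -> {dst} has no mirrored entry on the peer")
            if (src, dst) not in nat0:
                findings.append(f"{side}: {src} -> {dst} is not NAT-exempt")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HQ_CONFIG, BRANCH_CONFIG)) or "crypto ACLs mirrored and NAT-exempt")
```

With the sample input, the DMZ entry added on the HQ side is reported because the branch config has not yet been given the mirrored entry.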
09-02-2007 04:48 PM
Thanks a lot for validating my doubts :) I may have a slight problem with the remote VPN termination: since it is not a Cisco firewall, it cannot support more than one remote/local LAN on the VPN tunnel.
Again, thanks for helping out.