VPN subnet access to DMZ

Unanswered Question
Mar 27th, 2008

We have a site-to-site vpn with our London site and they need access to a webserver in our DMZ. I haven't had any trouble getting our remote vpn users access, but am unable to connect the London office to the webserver.

Attached are the configs I implemented.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 03/27/2008 - 13:48

Add the traffic to the nat exemption acl for the dmz and also for the crypto acl for the interesting traffic for the l2l tunnel.

access-list No-NAT-DMZ extended permit ip

access-list extended permit ip

jgorman1977 Thu, 03/27/2008 - 14:06

in the second access list, i added:

access-list DMZ_cryptomap extended permit ip

access-list DMZ_cryptomap extended permit ip

Would this be correct?



This Discussion