
VPN subnet access to DMZ

jgorman1977
Level 1

We have a site-to-site VPN with our London site and they need access to a webserver in our DMZ. I haven't had any trouble getting our remote VPN users access, but am unable to connect the London office to the webserver.

Attached are the configs I implemented.

Thanks in advance.

2 Replies

acomiskey
Level 10

Add the traffic to the NAT exemption ACL for the DMZ and also to the crypto ACL for the interesting traffic for the L2L tunnel.

access-list No-NAT-DMZ extended permit ip

access-list extended permit ip

In the second access list, I added:

access-list DMZ_cryptomap extended permit ip 172.16.110.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list DMZ_cryptomap extended permit ip 172.16.110.0 255.255.255.0 192.168.10.0 255.255.255.0

Would this be correct?

Thanks
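
A consistency check for the advice in this thread, as an added example that is not part of the original posts or of any Cisco tooling: it parses ASA `access-list` lines and reports crypto-ACL flows that no NAT-exemption entry covers. The ACL names and the two crypto entries are taken from the thread; the `No-NAT-DMZ` entry in the sample is constructed, and only the plain network/mask `permit ip` form is handled.

```python
import ipaddress
import re

# Matches only the simple form used in the thread:
#   access-list NAME extended permit ip SRC SRCMASK DST DSTMASK
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_acls(config):
    """Return {acl_name: [(src_network, dst_network), ...]}."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a plain network/mask permit
        name, src, smask, dst, dmask = m.groups()
        flow = (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                ipaddress.ip_network(f"{dst}/{dmask}", strict=False))
        acls.setdefault(name, []).append(flow)
    return acls

def uncovered_flows(acls, crypto_acl, nonat_acl):
    """Crypto-ACL flows that no single NAT-exemption entry fully contains."""
    exempt = acls.get(nonat_acl, [])
    missing = []
    for src, dst in acls.get(crypto_acl, []):
        if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
            missing.append((str(src), str(dst)))
    return missing

# Constructed sample: the two crypto entries are the ones posted in the thread;
# the No-NAT-DMZ entry is invented here so that one flow is left uncovered.
SAMPLE = """
access-list DMZ_cryptomap extended permit ip 172.16.110.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list DMZ_cryptomap extended permit ip 172.16.110.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 192.168.0.0 255.255.255.0
"""

if __name__ == "__main__":
    for src, dst in uncovered_flows(parse_acls(SAMPLE), "DMZ_cryptomap", "No-NAT-DMZ"):
        print(f"encrypted but not NAT-exempt: {src} -> {dst}")
```
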
