Access list and NAT for SSL VPN in DMZ

Lavanholy
Level 1

Hi,

I am going to implement the SSL VPN appliance in the DMZ of PIX515E (6.3 Ver).

I have to give access to SSL VPN from outside users as well as from inside users.

Please help me.

My understanding is SSL VPN has to be NATted for outside and also for inside, then appropriate ACL has to be applied.

Please help me.

Thanks and Regards,

S.Venkataraman.

2 Replies

bwilmoth
Level 5

For SSL VPN users to get access to the DMZ, define nat (DMZ) with the access-list command that permits the DMZ subnet to go to the VPN user's subnet without getting natted. (like nat (inside) 0 statement.)

As an example try out the configuration given below,

#> nat (dmz) 0 access-list dmz_nat0

Issue the access-list (dmz_nat0) command with the source as the DMZ network and the destination as the VPN user's subnet.

dongdongliu
Level 1

Hello,

Set a local pool so that the SSL user gets an address from it.

Use NAT 0 so that traffic from the DMZ to the pool is not NATted.

regards
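
The NAT exemption both replies describe, written out as an added example for PIX 6.3 (not from either poster). The DMZ subnet 192.168.100.0/24 and the SSL VPN address pool 10.99.0.0/24 are constructed placeholder values; substitute the real ones.

```cisco
! Added example; subnets below are constructed placeholders.
! Match only traffic from the DMZ subnet to the SSL VPN address pool.
! Keep source and destination specific (no "any") so the exemption
! does not bypass NAT for unrelated DMZ traffic.
access-list dmz_nat0 permit ip 192.168.100.0 255.255.255.0 10.99.0.0 255.255.255.0

! Exempt the matched traffic from translation on the dmz interface.
nat (dmz) 0 access-list dmz_nat0

! Flush existing translations so the new NAT rule takes effect.
clear xlate
```

`show access-list dmz_nat0` displays hit counts on the exemption entry, which confirms whether DMZ-to-pool traffic is actually matching it.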
