remote site in site to site vpn not accessing server in dmz

May 15th, 2008

I have our Lotus Sametime (instant messaging) server in the DMZ, and it works from inside and outside as it should. We had a site-to-site VPN connection with hgnwse and Maltex on our PIX, and I moved to the ASA yesterday successfully, well, almost. Those two locations can no longer see the Sametime server in the DMZ. Everything on the inside to those locations is working fine (AS400, Lotus Notes, etc.). They could see the DMZ while the tunnel was connected to the PIX, so I'm sure it's something small I'm missing. Here is a current config with several items I've configured but not implemented. The only item that is actually in the DMZ is the Sametime server. I have to get issues like this one resolved before moving the more critical servers into it.

From a PC in Maltex that I'm VNC'd to, I can't ping the (sametime server) or even the (inside interface of asa). I can ping most anything that is on the inside network. I think it's either an access issue or a routing issue.

Any help is appreciated.

gmtimmons Fri, 05/16/2008 - 09:35

I have tried adding the below, and I am still getting the same results:

access-list nonat-dmz permit ip

access-list nonat-dmz permit ip Hgnwhse

access-list nonat-dmz permit ip Maltex

nat (DMZ) 0 access-list nonat-dmz

Clear xlate

Any ideas?

husycisco Sat, 05/17/2008 - 04:33

Hi Mark

After applying above, all should be fine. Try reloading ASA.

Also please attach the latest config.


husycisco Mon, 05/19/2008 - 07:31

You have the following route

route inside 1

That route makes the traffic to Maltex and to Hgnwhse be routed to inside instead of to your default route outside. Make the following change, then try again.

no route inside 1

route inside 200

clear route

If no luck, post the output of

show route


