Third Party SSL VPN terminated on ASA DMZ

ewong0088
Level 1

Hi all,

Any help is appreciated. Can this be done:

In ASA 5520, I have a DMZ defined and it has been working fine until now. The DMZ subnet is 192.168.10.0/24 and the IP on the DMZ interface is 192.168.10.1. Now I am trying to add a third party (not Cisco) SSL VPN appliance. The appliance is given an IP address 192.168.10.101. The SSL VPN appliance will give out IP addresses to SSL VPN clients in the range of 192.168.20.x. After the connection is established, the client indeed is getting the 192.168.20.x IP address. However, clients cannot connect to the internal LAN. If I change the clients' IP address range to the same subnet as the DMZ, everything works. My question is that since the SSL VPN clients are terminated on the DMZ and getting a different subnet IP, how can I route/map these addresses so that they can access the internal network through the inside interface, or can it be done at all?

Any advice is appreciated.

Accepted Solutions

Farrukh Haroon
VIP Alumni

You just need to add the appropriate routes on the ASA for this pool. And also on any Layer 3 routing devices on the inside of the ASA.

Regards

Farrukh
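
The routes described in the accepted answer, written out for this thread's addressing as an added example (not posted by anyone in the thread). It assumes the ASA interfaces are named `dmz` and `inside` and that the inside Layer 3 device runs Cisco IOS; `<asa-inside-ip>` and `<inside-host-ip>` are placeholders for values the thread does not give.

```cisco
! --- On the ASA ---
! The client pool 192.168.20.0/24 is not directly connected to any ASA
! interface. Without a specific route, return traffic to 192.168.20.x
! follows whatever less-specific route the ASA has and never reaches
! the SSL VPN appliance. Point the pool at the appliance's DMZ address.
! ("dmz" is an assumed interface name.)
route dmz 192.168.20.0 255.255.255.0 192.168.10.101 1

! Confirm the route is installed.
show route

! Trace a constructed flow from a pool address to an inside host.
! The output reports the phase at which the ASA allows or drops it.
! (192.168.20.10 and port 1025 are constructed sample values;
!  <inside-host-ip> is a placeholder.)
packet-tracer input dmz tcp 192.168.20.10 1025 <inside-host-ip> 80

! --- On each Layer 3 device on the inside (Cisco IOS assumed) ---
! Inside hosts must send replies for the pool back to the ASA's
! inside interface. (<asa-inside-ip> is a placeholder.)
ip route 192.168.20.0 255.255.255.0 <asa-inside-ip>
```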

Thank you Farrukh. That works.

That's great :)

Please rate helpful posts.

Regards

Farrukh