06-16-2008 11:20 AM - edited 02-21-2020 03:46 PM
Hi all,
Any help is appreciated. Can this be done:
In ASA 5520, I have a DMZ defined and has been working fine until now. The DMZ subnet is 192.168.10.0/24 and IP on the DMZ interface is 192.168.10.1. Now I am trying to add a third party (not Cisco) SSL VPN appliance. The appliance is given an IP address 192.168.10.101. The SSL VPN appliance will give out IP addreess to SSLVPN clients in the range of 192.168.20.x. After connection is established, the client indeed is getting the 192.168.20.x IP addr. However, clients can not connect to internal LAN. If I change the clients IP address range to the same subnet as the DMZ, everything works. My question is that since the SSLVPN clients are terminated on the DMZ and getting a different subnet IP, how can I route/map these addresses so that they6 can access internal network through the inside interface, or can it be done at all?
Any advice is appreciated.
Solved! Go to Solution.
06-16-2008 11:30 AM
You just need to add the appropriate routes on the ASA for this pool. And also on any Layer 3 routing devices on the inside of the ASA.
Regards
Farrukh
06-16-2008 11:30 AM
You just need to add the appropriate routes on the ASA for this pool. And also on any Layer 3 routing devices on the inside of the ASA.
Regards
Farrukh
06-17-2008 04:04 AM
Thank you Farrukh. That works.
06-17-2008 04:09 AM
Thats great :)
Please rate helpful posts.
Regards
Farrukh
06-17-2008 04:09 AM
Thats great :)
Please rate helpful posts.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: