I have a Cisco 5510 that has a DMZ set up on it and supports Remote Access via the legacy client, not web or SSL. While on VPN I can get to all internal resources and have no problems. However, I cannot connect to any resource in the DMZ. I've looked at the NAT rules and firewall rules, but I am stumped. I think the order of operations is: the VPN packet arrives at the outside interface, ACLs are checked, then it is decrypted, then NAT'd (if any) and then passed.
So I am assuming I need to have rules that allow the decrypted packet to traverse from the Outside interface to the DMZ and back.
However, I am not sure how to go about this. The address I am trying to reach in the DMZ is the actual address of the webserver and not its NAT'd address.