RA VPN from DMZ to outside interface

Unanswered Question
Dec 18th, 2008
User Badges:


I have an ASA 5520 on which i have created a IPsec VPN profile, that is enabled on my outside interface. Everything runs just perfect and I can connect from the internet using Cisco VPN client.

Now I wan't to be able to connect using VPN client from a DMZ interface on the same ASA using the same VPN profile in my Cisco VPN client.

however when I try to connect it just times out and the ASA logs "UDP request discarded".

what do I need to configure on the ASA to be able to connect to the IP address of my outside interface from the DMZ ?

any help i GREATLY appreciated :)

best regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
passioncas Fri, 12/19/2008 - 01:27
User Badges:

While confiuring VPN profile it has to be assigned on the interface.In your scenario , it has already been configured on the OUTSIDE interface and so you will be able to do it from outside.But for DMZ interface , the VPN profile is not configured.

rasmusan1 Fri, 12/19/2008 - 04:04
User Badges:

Yes exactly, but I want to use the same VPN profile when connecting from the DMZ - that is: be able to connect to the ip address of the outside interface while on the DMZ.

husycisco Fri, 12/19/2008 - 04:20
User Badges:
  • Gold, 750 points or more

Hello Rasmus,

"be able to connect to the ip address of the outside interface while on the DMZ"

This is not possible with Cisco firewalls. But you can enable isakmp and map a cryptomap to DMZ interface and still be able to use that VPN Group. But if DMZ is a public subnet and requires a default route which will override outside default route, VPN termination at both interfaces wont be possible.


rasmusan1 Fri, 12/19/2008 - 05:19
User Badges:

ok, that's what i thought - unfortunately

well thanks for your help, I have to solve it some other way

best regards


This Discussion