12-18-2008 05:58 AM - edited 03-11-2019 07:27 AM
Hello
I have an ASA 5520 on which I have created an IPsec VPN profile that is enabled on my outside interface. Everything runs just perfect and I can connect from the internet using Cisco VPN client.
Now I want to be able to connect using VPN client from a DMZ interface on the same ASA using the same VPN profile in my Cisco VPN client.
However, when I try to connect it just times out and the ASA logs "UDP request discarded".
What do I need to configure on the ASA to be able to connect to the IP address of my outside interface from the DMZ?
Any help is GREATLY appreciated :)
Best regards
12-19-2008 01:27 AM
While configuring a VPN profile, it has to be assigned to the interface. In your scenario, it has already been configured on the OUTSIDE interface, and so you will be able to do it from outside. But for the DMZ interface, the VPN profile is not configured.
12-19-2008 04:04 AM
Yes, exactly, but I want to use the same VPN profile when connecting from the DMZ - that is: be able to connect to the IP address of the outside interface while on the DMZ.
12-19-2008 04:20 AM
Hello Rasmus,
"be able to connect to the ip address of the outside interface while on the DMZ"
This is not possible with Cisco firewalls. But you can enable isakmp and map a cryptomap to the DMZ interface and still be able to use that VPN Group. But if the DMZ is a public subnet and requires a default route which will override the outside default route, VPN termination at both interfaces won't be possible.
Regards
12-19-2008 05:19 AM
OK, that's what I thought - unfortunately.
Well, thanks for your help, I have to solve it some other way.
Best regards