RA VPN from DMZ to outside interface

rasmusan1
Level 1

Hello

I have an ASA 5520 on which I have created an IPsec VPN profile that is enabled on my outside interface. Everything runs just perfectly and I can connect from the internet using Cisco VPN client.

Now I want to be able to connect using VPN client from a DMZ interface on the same ASA using the same VPN profile in my Cisco VPN client.

However, when I try to connect it just times out and the ASA logs "UDP request discarded".

What do I need to configure on the ASA to be able to connect to the IP address of my outside interface from the DMZ?

Any help is GREATLY appreciated :)

Best regards

4 Replies

passioncas
Level 1

While configuring a VPN profile, it has to be assigned on the interface. In your scenario, it has already been configured on the OUTSIDE interface, and so you will be able to do it from outside. But for the DMZ interface, the VPN profile is not configured.

Yes exactly, but I want to use the same VPN profile when connecting from the DMZ - that is: be able to connect to the IP address of the outside interface while on the DMZ.

Hello Rasmus,

"be able to connect to the ip address of the outside interface while on the DMZ"

This is not possible with Cisco firewalls. But you can enable isakmp and map a cryptomap to the DMZ interface and still be able to use that VPN Group. But if the DMZ is a public subnet and requires a default route which will override the outside default route, VPN termination at both interfaces won't be possible.

Regards

OK, that's what I thought - unfortunately.

Well, thanks for your help, I have to solve it some other way.

Best regards
