Cisco PIX 515e - VPN

Jan 20th, 2009

Hello,

We have configured VPN remote access on a Cisco PIX 515e for all users to dial in to our internal network servers.

When I connect through the VPN, I can access all my servers in the DMZ zone, but I cannot access any server in my internal network.

Can you please guide me on whether any rule is required to allow this?

Thanks in advance.

Kalpesh

pstebner10 Wed, 01/21/2009 - 07:49

Kalpesh-

Let's say that the DMZ is 10.0.0.0 /24 and your Inside network is 192.168.1.0 /24. Lastly, the DHCP scope for your VPN clients is 192.168.100.0 /24.

You would need to have two NAT statements in order for the VPN users to reach both networks:

nat (dmz) 0 access-list DMZNONAT
nat (inside) 0 access-list INSIDENONAT

(or whatever you want to call the ACLs)

Then, set up your access-lists:

access-list INSIDENONAT extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZNONAT extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0


If you are using split-tunneling you will need to add a line to the split-tunnel ACL for your inside network as well:

access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0



That should do it.

HTH,

Paul
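The answer above pins the problem on two missing pieces of configuration: a NAT-exemption entry for the inside network and a matching split-tunnel entry. As an added example (not from the thread or from Cisco), the script below audits a pre-8.3 PIX config for exactly that: for each interface the VPN pool must reach, it checks that a `nat (iface) 0 access-list` exists, that the ACL exempts pool-to-network traffic, and that the split-tunnel ACL carries the network. The sample config and the interface-to-network map are constructed from the addresses used in the answer.

```python
import ipaddress
import re

# Constructed sample, modelled on the thread (not a real running-config): the DMZ
# exemption and split-tunnel entry exist, the inside ones were never added.
SAMPLE_CONFIG = """
nat (dmz) 0 access-list DMZNONAT
access-list DMZNONAT extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
EXT_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
STD_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return (interface -> nat 0 ACL name, ACL -> [(src, dst)], ACL -> [network])."""
    nat0, ext, std = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := NAT0_RE.match(line):
            nat0[m[1]] = m[2]
        elif m := EXT_RE.match(line):
            ext.setdefault(m[1], []).append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := STD_RE.match(line):
            std.setdefault(m[1], []).append(net(m[2], m[3]))
    return nat0, ext, std

def audit(config, pool, networks, split_acl):
    """networks maps interface name -> network VPN users must reach behind it.
    Returns findings; empty means each network is NAT-exempt and split-tunneled."""
    pool = ipaddress.ip_network(pool)
    nat0, ext, std = parse(config)
    findings = []
    for iface, cidr in networks.items():
        target = ipaddress.ip_network(cidr)
        acl = nat0.get(iface)
        if acl is None:
            findings.append(f"no 'nat ({iface}) 0 access-list' statement")
        # Either address order is accepted: the answer above writes the pool first,
        # Cisco's own examples write the local network first.
        elif not any(pool.subnet_of(a) and target.subnet_of(b) or
                     target.subnet_of(a) and pool.subnet_of(b) for a, b in ext.get(acl, [])):
            findings.append(f"{acl} has no entry exempting {pool} <-> {target}")
        if not any(target.subnet_of(n) for n in std.get(split_acl, [])):
            findings.append(f"split-tunnel ACL {split_acl} does not include {target}")
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG, "192.168.100.0/24", {"dmz": "10.0.0.0/24", "inside": "192.168.1.0/24"}, "SPLIT-TUNNEL")` reports the missing inside NAT statement and the missing split-tunnel entry; once the three lines from the answer are appended it returns an empty list.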
