Cisco PIX 515e - VPN

Jan 20th, 2009


We have configured vpn remote access on Cisco PIX 515e for all users to dial in to our internal network servers.

When I connect through VPN, I can access all my servers in the DMZ zone. But I cannot access any server in my Internal Network.

Can you please guide me on whether any rule is required to allow this?

Thanks in advance.


pstebner10 Wed, 01/21/2009 - 07:49

Let's say that the DMZ is /24 and your Inside network is /24. Lastly, the DHCP scope for your VPN clients is /24.

You would need to have two NAT statements in order for the VPN users to reach both networks:

nat (dmz) 0 access-list DMZNONAT

nat (inside) 0 access-list INSIDENONAT

(or whatever you want to call the ACLs)

Then, setup your access-lists:

access-list INSIDENONAT extended permit ip

access-list DMZNONAT extended permit ip

If you are using split-tunneling you will need to add a line to the split-tunnel ACL for your inside network as well:

access-list SPLIT-TUNNEL standard permit

That should do it.
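A complete worked configuration for the NAT-exemption and split-tunnel setup described in the reply above, added here as an illustration; it is not taken from the original post or from Cisco documentation. It assumes PIX 7.x syntax (the `extended` keyword the reply uses) and hypothetical addressing: inside 10.1.1.0/24, DMZ 192.168.100.0/24, a VPN client pool of 10.1.99.0/24, and a tunnel-group and group-policy both named RAVPN. Substitute your own prefixes and names.

```cisco
! Hypothetical addressing (assumed for this example):
!   inside  10.1.1.0/24      dmz  192.168.100.0/24      VPN pool  10.1.99.0/24
! The pool must not overlap either local network, or return traffic is misrouted.

! Address pool handed to remote-access clients
ip local pool VPNPOOL 10.1.99.1-10.1.99.254 mask 255.255.255.0

! NAT exemption: traffic from each local network TO the VPN pool must not be
! translated. Source = local network behind the interface, destination = pool.
! Scope the destination to the pool rather than "any" so only VPN traffic is exempt.
access-list INSIDENONAT extended permit ip 10.1.1.0 255.255.255.0 10.1.99.0 255.255.255.0
access-list DMZNONAT extended permit ip 192.168.100.0 255.255.255.0 10.1.99.0 255.255.255.0

! The missing piece in the original question is usually the inside exemption:
nat (inside) 0 access-list INSIDENONAT
nat (dmz) 0 access-list DMZNONAT

! Split tunnel: only these prefixes are routed through the tunnel by the client.
! List both networks; an unlisted network is sent out the client's local link.
access-list SPLIT-TUNNEL standard permit 10.1.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.100.0 255.255.255.0

! Group policy that pushes the split-tunnel list to clients
group-policy RAVPN internal
group-policy RAVPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! Remote-access tunnel group tied to the pool and policy
tunnel-group RAVPN type ipsec-ra
tunnel-group RAVPN general-attributes
 address-pool VPNPOOL
 default-group-policy RAVPN

! Let decrypted VPN traffic bypass the interface ACLs (default on 7.x)
sysopt connection permit-vpn
```

To confirm the exemption is taking effect, connect a client and ping an inside host, then run `show access-list INSIDENONAT`: the hit count on the exemption line should increase. If it stays at zero, check `show running-config nat` for an earlier `nat (inside)` statement or a global PAT that is translating the inside source before the exemption is evaluated, and confirm the client received the inside prefix in its split-tunnel list (an unlisted network never reaches the PIX at all). Keep the split-tunnel list as narrow as the job requires; everything not listed leaves the client unencrypted on its local network.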
