VPN from DMZ

Unanswered Question
Apr 10th, 2009
User Badges:

I have an ASA 5510. I have an interface with a security of 10 called "internetguest". We use this interface to connect vendors to the internet without accessing the "inside" network. These vendors have a need to access the "inside" network. I have our VPN setup to connect to our "outside" interface which is on the same ASA and a security of 0. How would I configure the ASA to allow VPN to the "outside" interface from the "internetguest" interface? I am tring to build the VPN tunnel from one interface to another on the same ASA. Let me know what other information you may need and thank you in advance for your time and effort.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
roshan.maskey Fri, 04/10/2009 - 15:07
User Badges:


Could you clarify a bit on these:

1. are vendor directly connected to internetguest zone or connected to router and vendor behind router

2. what kind of VPN do want to deploy Site to Site or RemoteAccess VPN.

mdombek_biz Fri, 04/10/2009 - 16:04
User Badges:

If I understand you correct you need to access the inside network from your DMZ interface using VPN (i guess Remote Access). Well I doubt that the idea of passing the traffic through your DMZ interface and connecting to the outside interface works, but AFAIK you can activate vpn connectivity on your DMZ interface

with something like the commands:

crypto map "YourCryptoMapName" interface internetguest

crypto isakmp enable internetguest

Hope this helps cheers



This Discussion