weird vpn

Unanswered Question
Jun 10th, 2010

Hi,

I have a client with a 5510 ASA with three interfaces configured: outside, dmz and inside. Outside and dmz are real IP addresses. The client wants a remote VPN to the network. The IP the VPN clients must connect to is the IP of the dmz interface of the ASA and they must have access to the inside network. I can't seem to make this work. What do I need to configure for this? I tried a VPN on the dmz interface and access-lists allowing access to the interface from the outside but it doesn't work. I also tried a dynamic NAT policy stating that anything coming on the outside interface for the dmz interface IP is to be translated to the outside interface IP and I configured the VPN on the outside interface but this doesn't work either. Any ideas?

Federico Coto F... Thu, 06/10/2010 - 06:41

Hi,

You can do any combination of the above.

If you have a public IP on one interface of the ASA (outside or DMZ) and it is reachable via the Internet, then you can terminate the VPN on either interface.

Then, with or without NAT you can access resources on any other interface. I have done it a lot of times.

Please explain a little bit better what you are trying to do.

Federico.
