ASA multiple VPN problems.

Jun 9th, 2014



I would greatly appreciate some help on this.

I have an ASA 5510 that is configured for 2 different sites as a site-2-site hub.

Recently I needed to add a firewall into a DMZ, because the other party did not want to peer with our firewall but wanted their own hardware at our premises. Please look at the attached picture, this says more than a 1000 words for understanding ;-).


What I added to our ASA 5510 is 2 new interfaces: one called Dirty DMZ (the internet-facing one) and one named clean DMZ (the internal-facing one).

The thing I see happening is that the proposals coming from the 3rd party are being picked up by the ASA instead of being forwarded and NATed.

How can I create a rule so that if ISAKMP, NAT-T, AH, and ESP are coming from a certain IP towards the dirty DMZ, they are NATed and passed through?


Help is really appreciated!



