11-01-2002 12:30 PM - edited 02-20-2020 10:21 PM
Are there any problems that would prohibit a Unity Client from starting connections to hosts on the PIX inside and PIX DMZ networks at the same time?
Can you provide a link that describes the PIX side of the configuration for access to both networks, not just the inside network?
11-02-2002 05:59 PM
There aren't any problems with this; you just have to make sure you bypass NAT for traffic from both interfaces going to your VPN pool of addresses. The PIX will take care of the routing, etc.
For example, your config would look like this:
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonat
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
Hope that helps.
11-03-2002 11:13 AM
Very Helpful, Thank you!
Would I also need a nat (dmz) 0 access-list nonat statement for the DMZ hosts to bypass NAT?
11-03-2002 04:12 PM
Whoops, yep sorry, brain fade on my part, disregard my first email. Your configuration would look like this:
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonatinside
nat (dmz) 0 access-list nonatdmz
access-list nonatinside permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonatdmz permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
Hope that helps.
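The difference between the two posted configurations can be checked mechanically. The following is an added example, not part of any post in this thread and not Cisco code: a small Python audit that reports interfaces whose subnet has no nat 0 access-list entry toward the VPN pool. The function name missing_nat_bypass is hypothetical, and the parser assumes only the command forms shown in this thread.

```python
import ipaddress
import re

# Constructed inputs: the two configurations posted in this thread.
FIRST_REPLY = """\
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonat
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
"""
CORRECTED = """\
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonatinside
nat (dmz) 0 access-list nonatdmz
access-list nonatinside permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonatdmz permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def missing_nat_bypass(config, interfaces=None):
    """Return interfaces with no nat 0 ACL entry from their subnet to the VPN pool."""
    subnets, nat0, acls, pool = {}, {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) == 5:
            subnets[w[2]] = _net(w[3], w[4])
        elif w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            pool = [ipaddress.ip_address(a) for a in w[4].split("-")]
        elif m := re.fullmatch(r"nat \((\S+)\) 0 access-list (\S+)", line.strip()):
            nat0[m[1]] = m[2]  # interface name -> ACL bound to nat 0 on it
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            acls.setdefault(w[1], []).append((_net(w[4], w[5]), _net(w[6], w[7])))
    if pool is None:
        raise ValueError("no 'ip local pool' line found")
    missing = []
    # Default: check every addressed interface; pass a list to skip e.g. outside.
    for name in interfaces or subnets:
        entries = acls.get(nat0.get(name), [])
        if not any(subnets[name].subnet_of(src) and all(a in dst for a in pool)
                   for src, dst in entries):
            missing.append(name)
    return missing
```

Run against the first reply's configuration it returns ['dmz'], and against the corrected configuration it returns an empty list.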
11-04-2002 12:36 PM
That helps very much.... Thank you!