Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1013
Views
0
Helpful
2
Replies

About config dmz interface to be a part of ipsec vpn

Go to solution
jj-zhou
Level 1
Level 1

‎11-28-2006 10:54 PM - edited ‎03-11-2019 02:02 AM

Hi netpro:

I read a case (Number:K19070059),it said there is 4 steps to configure dmz interface of pix to be a part of ipsec vpn.

1 Add a DMZ network in the VPN crypto access-list.

2 Add DMZ traffic in NAT 0 access-list.

3 Add DMZ traffic in the crypto access-list of the remote peer

4 Add the { nat ( DMZ ) 0 access-list nonat } command.

i am confused whether the step 2 overlap with step 4 , I think the step 2 is unuseful ,please help me ,thank you .

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bhooker
Level 4
Level 4

‎11-29-2006 06:13 AM

step two is telling you to create an access-list that is to be used in step four.

for example:

step 2

access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

step 4

nat (DMZ) 0 access-list no-nat

View solution in original post

0 Helpful
2 Replies 2

Go to solution
anton_lva
Level 1
Level 1

‎11-28-2006 11:29 PM

Hi!

0 Helpful

Go to solution
bhooker
Level 4
Level 4

‎11-29-2006 06:13 AM

step two is telling you to create an access-list that is to be used in step four.

for example:

step 2

access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

step 4

nat (DMZ) 0 access-list no-nat

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card