11-28-2006 10:54 PM - edited 03-11-2019 02:02 AM
Hi netpro:
I read a case (Number:K19070059),it said there is 4 steps to configure dmz interface of pix to be a part of ipsec vpn.
1 Add a DMZ network in the VPN crypto access-list.
2 Add DMZ traffic in NAT 0 access-list.
3 Add DMZ traffic in the crypto access-list of the remote peer
4 Add the { nat ( DMZ ) 0 access-list nonat } command.
i am confused whether the step 2 overlap with step 4 , I think the step 2 is unuseful ,please help me ,thank you .
Solved! Go to Solution.
11-29-2006 06:13 AM
step two is telling you to create an access-list that is to be used in step four.
for example:
step 2
access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
step 4
nat (DMZ) 0 access-list no-nat
11-28-2006 11:29 PM
Hi!
11-29-2006 06:13 AM
step two is telling you to create an access-list that is to be used in step four.
for example:
step 2
access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0
step 4
nat (DMZ) 0 access-list no-nat
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: