Cisco Support Community
New Member

About config dmz interface to be a part of ipsec vpn

Hi netpro:

I read a case (Number: K19070059). It said there are 4 steps to configure the DMZ interface of a PIX to be part of an IPsec VPN.

1 Add a DMZ network in the VPN crypto access-list.

2 Add DMZ traffic in NAT 0 access-list.

3 Add DMZ traffic in the crypto access-list of the remote peer.

4 Add the { nat ( DMZ ) 0 access-list nonat } command.

I am confused whether step 2 overlaps with step 4. I think step 2 is not useful. Please help me, thank you.

1 ACCEPTED SOLUTION

New Member

Re: About config dmz interface to be a part of ipsec vpn

Step two is telling you to create an access-list that is to be used in step four.

For example:

Step 2:

access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

Step 4:

nat (DMZ) 0 access-list no-nat
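
All four steps from the question put together on both peers, as an added example that is not part of the original posts. It reuses the answer's addresses and assumes 1.1.1.0/24 is the DMZ network and 2.2.2.0/24 is the network behind the remote peer; the ACL name crypto-vpn, the crypto map name vpnmap and its sequence number 10 are also assumptions.

```cisco
! ===== Local PIX (the one with the DMZ interface) =====

! Step 1: add the DMZ network to the crypto ACL so DMZ -> remote
! traffic is selected for IPsec encryption.
access-list crypto-vpn extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

! Step 2: define the NAT exemption ACL for the same traffic.
! Keep it scoped to the remote VPN network only, so DMZ hosts are
! still translated for every other destination.
access-list no-nat extended permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

! Step 4: bind that ACL to the DMZ interface with NAT ID 0.
! Without this line the ACL from step 2 exists but has no effect.
nat (DMZ) 0 access-list no-nat

! The crypto map entry for the tunnel references the crypto ACL
! (map name and sequence number are assumed here).
crypto map vpnmap 10 match address crypto-vpn

! ===== Remote peer =====

! Step 3: mirror image of the step 1 entry, source and destination
! swapped. The two crypto ACLs must match as exact mirrors.
access-list crypto-vpn extended permit ip 2.2.2.0 255.255.255.0 1.1.1.0 255.255.255.0
crypto map vpnmap 10 match address crypto-vpn
```

After traffic has been sent from a DMZ host, `show crypto ipsec sa` on either peer should list a security association whose local and remote identities are the 1.1.1.0 and 2.2.2.0 networks.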

2 REPLIES
New Member

Re: About config dmz interface to be a part of ipsec vpn

Hi!
