Cisco Support Community
Community Member

Access list and NAT for SSL VPN in DMZ

Hi,

I am going to implement the SSL VPN appliance in the DMZ of a PIX515E (6.3 Ver).

I have to give access to the SSL VPN from outside users as well as from inside users.

Please help me.

My understanding is that the SSL VPN has to be NATted for outside and also for inside, then the appropriate ACL has to be applied.

Please help me.

Thanks and Regards,

S.Venkataraman.

2 REPLIES
Bronze

Re: Access list and NAT for SSL VPN in DMZ

For SSL VPN users to get access to the DMZ, define nat (DMZ) with the access-list command that permits the DMZ subnet to go to the VPN user's subnet without getting natted. (like nat (inside) 0 statement.)

As an example try out the configuration given below,

#> nat (dmz) 0 access-list dmz_nat0

Issue the access-list (dmz_nat0) command with the source as the DMZ network and the destination as the VPN user's subnet.

Community Member

Re: Access list and NAT for SSL VPN in DMZ

hello,

Set a local pool so that SSL users get their addresses from it.

Use NAT 0 so that traffic from the DMZ to the pool is not NATted.

regards
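
The NAT exemption both replies describe, written out as a PIX 6.3 configuration together with the outside and inside access the question asks about. This is an added example, not configuration posted by anyone in the thread, and it goes beyond the replies by including the static translation and the outside ACL. All addresses, the ACL name outside_in and the subnet layout are constructed assumptions.

```text
: Constructed values (assumptions, not from the thread):
:   inside subnet        10.1.1.0/24
:   DMZ subnet           172.16.1.0/24, SSL VPN appliance 172.16.1.10
:   SSL VPN user pool    172.16.2.0/24 (the "local pool" from the second reply)
:   published address    192.0.2.10 (documentation range)
:
: 1. NAT exemption: traffic from the DMZ subnet to the VPN user pool
:    is not translated (source = DMZ network, destination = pool).
access-list dmz_nat0 permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
nat (dmz) 0 access-list dmz_nat0
:
: 2. Outside users: publish the appliance with a one-to-one static
:    and permit only HTTPS to the published address.
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-group outside_in in interface outside
:
: 3. Inside users: an identity static gives inside hosts a translation
:    toward the DMZ so they reach the appliance with their own addresses.
:    No ACL is needed for inside-to-DMZ (higher to lower security level).
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
```

If the outside interface already has an access list bound with access-group, add the permit line to that list instead of binding a new one, since only one inbound list applies per interface. Keep the outside permit limited to TCP 443 on the single published host rather than the whole DMZ subnet.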
