I have a Cisco 5510 that has a DMZ set up on it and supports Remote Access via the legacy client, not web or SSL. While on VPN I can get to all internal resources and have no problems. However, I cannot connect to any resource in the DMZ. I've looked at the NAT rules and firewall rules; however, I am stumped. I think the order of operations is: the VPN packet arrives at the outside interface, ACLs are checked, then it is decrypted, then NAT'd (if any) and then passed.
So I am assuming I need to have rules that allow the decrypted packet to traverse from the Outside interface to the DMZ and back.
However, I am not sure how to go about this. The address I am trying to reach in the DMZ is the actual address of the webserver and not its NAT'd address.
Thanks for the post. That is what I thought, but still no joy... Would you perhaps know from what interface the PIX would think this request originates? My thought is that since the traffic comes through the Outside interface, is decrypted and then placed in the inside interface queue, perhaps there is no way to bounce this traffic to the DMZ interface, as it would be entering the interface (inside) to get there from where it is from. I'm thinking this is not allowed (normally isn't) and I cannot think of how to make this work... Thoughts?