09-01-2007 05:11 AM - edited 03-11-2019 04:05 AM
I was wondering if I could allow my DMZ network to be accessed by my remote LAN... I currently have an IPsec VPN tunnel on my local LAN to my remote office's local LAN. Now my current need is to enable my remote office's local LAN to access the DMZ.
Is this possible? If it is possible, how do I go about it? Would it be okay just to add another local LAN network on my current tunnel and add another remote LAN on my remote office's network?
Thanks
09-02-2007 07:07 AM
Brian,
Simply add the new interesting traffic to your crypto ACL and NAT exemption ACLs.
DMZ Side
access-list
access-list nat0dmz permit ip
nat (dmz) 0 access-list nat0dmz
Remote Side
access-list
access-list nat0inside permit ip
nat (inside) 0 access-list nat0inside
Hope this helps.
Please rate helpful posts.
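The change described in the reply above, written out with placeholder values as an added example (not part of the original reply). The subnets 172.16.1.0/24 (DMZ) and 10.2.2.0/24 (remote LAN) and the crypto ACL names `vpn_to_remote` and `vpn_to_dmzsite` are assumptions; use the ACL names your existing crypto map entries already reference.

```cisco
! Constructed example, PIX/ASA-style syntax as used in the thread.
! Assumed placeholder addressing (not from the thread):
!   DMZ network        172.16.1.0 255.255.255.0
!   Remote office LAN  10.2.2.0   255.255.255.0
! vpn_to_remote / vpn_to_dmzsite are hypothetical names for the crypto
! ACLs that the existing crypto map entries reference via "match address".

! --- DMZ side (firewall that owns the dmz interface) ---
! 1. Add DMZ -> remote LAN as interesting traffic on the existing tunnel.
access-list vpn_to_remote permit ip 172.16.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! 2. Exempt exactly that traffic from NAT on the dmz interface.
!    Keep the entry scoped to this subnet pair rather than "any".
access-list nat0dmz permit ip 172.16.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (dmz) 0 access-list nat0dmz

! --- Remote side (if it is also a PIX/ASA) ---
! 1. Mirror image of the entry above: source and destination swapped.
!    If the two crypto ACLs are not mirrors of each other, the IPsec SA
!    for this subnet pair will not negotiate.
access-list vpn_to_dmzsite permit ip 10.2.2.0 255.255.255.0 172.16.1.0 255.255.255.0
! 2. NAT exemption for remote LAN -> DMZ.
!    Only one "nat 0 access-list" can be applied per interface, so if one
!    is already in place, add this entry to that ACL instead.
access-list nat0inside permit ip 10.2.2.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list nat0inside
```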
09-02-2007 04:48 PM
Thanks a lot for validating my doubts :) I may have a slight problem with the remote VPN termination, since it is not a Cisco firewall, it cannot support more than one remote/local LAN on the VPN tunnel.
Again, thanks for helping out.