
allow VPN traffic on DMZ

I was wondering if I could allow my DMZ network to be accessed by my remote LAN... I currently have an IPsec VPN tunnel from my local LAN to my remote office's local LAN. Now my current need is to enable my remote office's local LAN to access the DMZ.

Is this possible? If it is possible, how do I go about it? Would it be okay just to add another local LAN network on my current tunnel and add another remote LAN on my remote office's network?

Thanks


Re: allow VPN traffic on DMZ

Brian,

Simply add the new interesting traffic to your crypto acl and nat exemption acls.

DMZ Side

access-list permit ip

access-list nat0dmz permit ip

nat (dmz) 0 access-list nat0dmz

Remote Side

access-list permit ip

access-list nat0inside permit ip

nat (inside) 0 access-list nat0inside

Hope this helps.

Please rate helpful posts.
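The reply above with its arguments written out, as an added example that is not part of the original post. It assumes ASA 8.2-or-earlier syntax on both ends (as the reply's `nat (dmz) 0` form implies); every subnet, ACL name for the crypto ACLs, crypto map name and sequence number below is a constructed placeholder.

```cisco
! Constructed example values (not from the thread):
!   HQ inside LAN  10.1.1.0/24
!   HQ DMZ         172.16.1.0/24
!   Remote LAN     10.2.2.0/24
!   vpn-to-remote, vpn-to-hq and outside_map are hypothetical names

! ----- DMZ side (firewall that owns the DMZ) -----
! Crypto ACL: the existing inside entry plus the new DMZ entry
access-list vpn-to-remote extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn-to-remote extended permit ip 172.16.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map outside_map 10 match address vpn-to-remote

! NAT exemption so DMZ-to-remote traffic enters the tunnel untranslated
access-list nat0dmz extended permit ip 172.16.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (dmz) 0 access-list nat0dmz

! ----- Remote side -----
! Crypto ACL must be the exact mirror of the DMZ side's entries
access-list vpn-to-hq extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpn-to-hq extended permit ip 10.2.2.0 255.255.255.0 172.16.1.0 255.255.255.0
crypto map outside_map 10 match address vpn-to-hq

! NAT exemption for both destinations behind the other peer
access-list nat0inside extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list nat0inside extended permit ip 10.2.2.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list nat0inside
```

On an ASA, `sysopt connection permit-vpn` is on by default and lets decrypted tunnel traffic bypass interface ACLs, so a `vpn-filter` is the place to limit which DMZ hosts and ports the remote LAN can reach.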


Re: allow VPN traffic on DMZ

Thanks a lot for validating my doubts :) I may have a slight problem with the remote VPN termination: since it is not a Cisco firewall, it cannot support more than one remote/local LAN on the VPN tunnel.

Again, thanks for helping out.
