We currently have the firewall configured with outside, inside, failover, DMZ and secure interfaces. We have a business partner that connects to us via an MPLS line and connects via the DMZ. The users are able to connect to the inside interface but are not able to connect to the segment on the other side of the VPN tunnel. I get a "no route to x.x.x.x from x.x.x.x". The VPN tunnel works fine from the inside interface.
ASA5510 which takes care of DMZ, inside, outside and 2 VPN site-to-site connections.
inside 192.168.91.x / 24
outside 195.128.91.x / 24
dmz 10.128.91.x / 24
1st VPN 192.168.93.x / 24
2nd VPN 192.168.92.x / 24
Basically I have an email server 10.128.91.xx that is NATed to 195.128.91.xx and biNATed to the inside interface so that internal users have access to it by a single DNS record. What I would like to achieve is to make this DMZ server connect over the already established VPN channel to another 2 servers, 192.168.93.yy and 192.168.92.yy, both in the VPN remote sites, as they cannot be reached over the Internet.
Please let me know if I didn't provide enough info.
This works with NAT exemption just great. The only thing that concerns me now is that between the DMZ and the remote LAN connected to the ASA through VPN, ALL IP packets go out of Access Rules control. And I would like to limit those to only SMTP, for example. In this case, what should be changed in the configuration?