04-06-2007 11:22 AM - edited 03-11-2019 02:57 AM
I have a 3 interface Pix 515E at our core site (inside, outside, DMZ). We have 4 remote sites that connect to our main office via VPN tunnels terminating on the pix. Currently the remote sites cannot access the DMZ. The tunnels are functioning perfectly in all aspects except for DMZ access. Any ideas?
04-06-2007 01:55 PM
You are missing nat exemption from your dmz to remote networks. ADD the following...
access-list DMZ_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Madison 255.255.255.0
access-list DMZ_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Appleton 255.255.255.0
access-list DMZ_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Racine 255.255.255.0
access-list DMZ_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 CCNHEIL 255.255.255.0
nat (DMZ) 0 access-list DMZ_outbound_nat0_acl
You can REMOVE the following statements from your inside nat exemption.
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Madison 255.255.255.0
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Appleton 255.255.255.0
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Racine 255.255.255.0
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 CCNHEIL 255.255.255.0
Please rate if it helps.
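As an added check (not from the thread, and not Cisco's tooling): a small Python audit that parses the `name`, `access-list ... permit ip`, and `nat (iface) 0 access-list` lines of a PIX config and flags nat-exemption entries whose source subnet does not sit behind the interface their ACL is bound to, which is exactly the misplacement described above (DMZ-to-remote entries under the inside interface's nat 0 ACL). The sample config, its addresses and the interface-to-subnet map are constructed assumptions.

```python
import re
from ipaddress import ip_network

# Constructed sample PIX 6.x config mirroring the thread: the DMZ->remote
# exemptions are listed under the *inside* interface's nat 0 ACL, so they
# never match DMZ-sourced traffic. All addresses are made up.
SAMPLE_CONFIG = """
name 10.10.1.0 CCNDMZ
name 10.20.0.0 Madison
name 10.21.0.0 Appleton
name 192.168.1.0 inside_net
access-list inside_outbound_nat0_acl permit ip inside_net 255.255.255.0 Madison 255.255.255.0
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Madison 255.255.255.0
access-list inside_outbound_nat0_acl permit ip CCNDMZ 255.255.255.0 Appleton 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
"""

# Assumed operator knowledge: which subnet sits behind which PIX interface.
IFACE_SUBNETS = {"inside": "192.168.1.0/24", "DMZ": "10.10.1.0/24"}

NAME_RE = re.compile(r"^name (\S+) (\S+)$", re.M)
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$", re.M)


def parse_nat0_entries(cfg):
    """Return [(iface, acl, src_net, dst_net)] for every ACL line that is
    bound to some interface via 'nat (iface) 0 access-list <acl>'."""
    names = {alias: ip for ip, alias in NAME_RE.findall(cfg)}
    bindings = {acl: iface for iface, acl in NAT0_RE.findall(cfg)}
    entries = []
    for acl, src, smask, dst, dmask in ACL_RE.findall(cfg):
        if acl not in bindings:
            continue  # plain filtering ACL, not a NAT-exemption list
        src_net = ip_network(f"{names.get(src, src)}/{smask}", strict=False)
        dst_net = ip_network(f"{names.get(dst, dst)}/{dmask}", strict=False)
        entries.append((bindings[acl], acl, src_net, dst_net))
    return entries


def audit_nat0(cfg, iface_subnets):
    """Flag exemption lines whose source subnet does not live behind the
    interface the ACL is bound to, and name the interface it belongs on."""
    nets = {i: ip_network(s) for i, s in iface_subnets.items()}
    findings = []
    for iface, acl, src, dst in parse_nat0_entries(cfg):
        if iface in nets and src.subnet_of(nets[iface]):
            continue  # correctly placed: source really is behind this interface
        home = [i for i, n in nets.items() if src.subnet_of(n)]
        findings.append((acl, str(src), str(dst), iface, home[0] if home else None))
    return findings


if __name__ == "__main__":
    for acl, src, dst, bound, home in audit_nat0(SAMPLE_CONFIG, IFACE_SUBNETS):
        print(f"{acl}: {src} -> {dst} is under nat ({bound}) 0 but belongs under nat ({home}) 0")
```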
04-06-2007 11:32 AM
Without the config, I can only guess... NAT exemption from the DMZ subnet to the VPN client subnet, probably.
04-06-2007 11:49 AM