Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN and DMZ Server connectivity advise/help

Hello Guys, We have established VPN connection between my office/ATL and Remote office in India. We are exchanging packets between both private networks. India has DMZ server with public IP address that could not communicate with my private network. India advised me that they could not NAT that server to share same private IP address range with the rest of the servers because other company's are connected to that DMZ server via its public IP address. What advice or solutions or how can I advice India to have my private IP address to communicate with their DMZ server? VPN connection already established. My users need to access Remedy services on India DMZ server. Thanks in advance!!


New Member

Re: VPN and DMZ Server connectivity advise/help

One option would be to update your VPN tunnel configuration to include communication between your private network and the public address assigned to the server...

Re: VPN and DMZ Server connectivity advise/help


Basically on the access list you use for identifying the interested traffic to be encrypted you would need to PERMIT your private network as source and the public IP address of the DMZ server as destination. In India they need to include the DMZ's Public IP address as the source and your private network as the destination (to the access list used for the interesting traffic). In that way traffic to/from your private network to/from the DMZ servers will be routed through the tunnel.

You(and India) also need to make sure the above traffic is not NATed.

Also make sure you (and India) allow that access on any access list applied to the firewall.

And finally you need to make sure that routing on both ends is configured correctly .i.e the DMZ server should send traffic destined to your private segment to their firewall. Your private segment should send traffic destined to the DMZ server to your firewall's inside interface.

I hope it helps .. please rate helpful posts