Access DMZ over vpn tunnel

akblackwel
Level 1

As an admin, I sit on network 10.40.45.0/24.

I tunnel to our datacenter like this:

10.40.45.0/24 -- tunnel to asa @ datacenter 192.168.199.3 -- 192.168.199.0/24 -- datacenter gateway (pix) 192.168.199.1 -- DMZ 192.168.200.0/24

What routes would I have to set up in the pix to allow me on network 10.40.45.0/24 to access servers in my DMZ on network 192.168.200.0/24?

1 Reply

John Blakley
VIP Alumni

If you had a real diagram this may be easier.

I'm seeing this, so correct me if I'm wrong:

10.40.45.0/24 -> ASA <---VPN--->Pix --- DMZ

The DMZ is off of the Pix? If so, you'll need to not NAT your 10.40.45.0 into the DMZ. The Pix obviously has a route back to your 10.40.45.0 subnet (if you can get to anything?), so you wouldn't need any special routes. If you cannot see your 10.40.45.0 subnet from the Pix, you'll need to point the route to your next hop:

route outside 10.40.45.0 255.255.255.0 Pix's gateway

HTH, John *** Please rate all useful posts ***