Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN, Routers and DMZ oh my - Help !!!

We have several remote offices that connect back to corporate via VPN tunnel using 3002 hardware client at remote sites that connects up to 3005. The ip space at remote offices is 10.6.x.x. The IP space at corporate is 10.5.4.x. Users at remote sites can get to everything here and at other remote sites.

We installed a DMZ here at corporate in the 192.168.1.x space and place web servers, etc. in it. Here at corp. we can get to the DMZ devices from our workstations, however the remote sites cannot. Also if I come in from home via software VPN client I cannot get to the DMZ devices.

I am hoping that this is something that can be fixed?

Can anyone help a poor windows 2000 admin pretending to be a cisco admin :)


New Member

Re: VPN, Routers and DMZ oh my - Help !!!

I'm another Win2k admin pretending to be a Cisco admin so maybe this will make sense.

I would try performing a traceroute from one of the clients to a device in the DMZ first and foremost to see where the last successful hop was. Also, you may need to check the default gateway of the 3005 to ensure that it is forwarding all unknown traffic to a router that has static routes to direct traffic to the DMZ subnet. Lastly, does the DMZ router interface have a static route to get back to the 10.6.x.x subnet.

Hope this helps somewhat. I know that troubleshooting problems on the 3005 hardware is not fun...I prefer something with an IOS.

New Member

Re: VPN, Routers and DMZ oh my - Help !!!

You have to add routes from the VPN to the dmz, etc...

Have you implemented split tunneling? Obviously it works to 10.5.4.x., so just do the same thing for the 192.168.1.x, but if there is no direct hop, you have to tinker, and if you go through a firewall, make sure it knows how to respond.

CreatePlease login to create content