Cisco Support Community

New Member

VPN's, routers and DMZ - Oh My - HELP !!!

We have several remote offices that connect back to corporate via VPN tunnel, using a 3002 hardware client at the remote sites that connects up to a 3005. The IP space at remote offices is 10.6.x.x. The IP space at corporate is 10.5.4.x. Users at remote sites can get to everything here and at other remote sites.

We installed a DMZ here at corporate in the 192.168.1.x space and placed web servers, etc. in it. Here at corp. we can get to the DMZ devices from our workstations; however, the remote sites cannot. Also, if I come in from home via software VPN client, I cannot get to the DMZ devices.

I am hoping that this is something that can be fixed?

Can anyone help a poor Windows 2000 admin pretending to be a Cisco admin :)



Re: VPN's, routers and DMZ - Oh My - HELP !!!

Somewhere in all your PIX-configs there is an access-list that defines the traffic for the VPN tunnel. This traffic is to be exempted from NAT.

You have to add the 192.168.1.x range to this list. Depending on the way your systems are set up, there could even be two access-lists: one to define the traffic destined for the Internet, which is to be NATed (this list should EXclude the range that you use for remote offices), and another one which defines the traffic for the VPN (this list should INclude the range that you use for remote offices). What you should do is find these lists and change them.

I really wish you a merry Christmas, preferably not in config-mode!?
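
As an added example (not part of the reply above and not Cisco's code), this Python check parses PIX-style `access-list <name> permit ip` lines and reports which local ranges a NAT-exemption list covers toward the remote-office range. The ACL name `nonat`, the subnet masks and the sample config are assumptions constructed for illustration; the thread gives only 10.5.4.x, 10.6.x.x and 192.168.1.x.

```python
import ipaddress

# Constructed sample: the ACL name "nonat" and all masks are assumptions.
SAMPLE_CONFIG = """\
access-list nonat permit ip 10.5.4.0 255.255.255.0 10.6.0.0 255.255.0.0
nat (inside) 0 access-list nonat
"""
# Constructed entry of the kind the reply says is missing (DMZ -> remote offices).
DMZ_ENTRY = "access-list nonat permit ip 192.168.1.0 255.255.255.0 10.6.0.0 255.255.0.0\n"


def _take_net(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse_acl(config, name):
    """Return (src, dst) network pairs from 'permit ip' entries of the named ACL."""
    pairs = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", name, "permit", "ip"]:
            continue  # skip other ACLs, deny entries and non-ACL lines
        rest = tok[4:]
        src = _take_net(rest)
        dst = _take_net(rest)
        pairs.append((src, dst))
    return pairs


def audit(config, name, local_nets, remote):
    """Map each local network to True if one ACL entry covers it toward remote."""
    pairs = parse_acl(config, name)
    rem = ipaddress.ip_network(remote)
    result = {}
    for net in local_nets:
        loc = ipaddress.ip_network(net)
        result[net] = any(loc.subnet_of(s) and rem.subnet_of(d) for s, d in pairs)
    return result


if __name__ == "__main__":
    nets = ["10.5.4.0/24", "192.168.1.0/24"]
    print("before:", audit(SAMPLE_CONFIG, "nonat", nets, "10.6.0.0/16"))
    print("after: ", audit(SAMPLE_CONFIG + DMZ_ENTRY, "nonat", nets, "10.6.0.0/16"))
```

Any range reported as `False` is one the exemption list does not cover for traffic toward the remote offices, which is the gap the reply describes for 192.168.1.x.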
