Cisco Support Community
Community Member

Accessing a DMZ network through VPN Client on PIX

I have a site-site VPN tunnel configured. To access it you have to go thru a DMZ off of my PIX. Traffic

going thru the DMZ interface is translated to a global hide IP address. I am attempting to access the remote network (other side of site-site VPN) thru the DMZ inteface with a Cisco VPN client. I want the traffic from the VPN client to be translated under that same global hide IP like any other traffic from my internal LANS. How can I do this? In my logs when I try to access I see

"no translation group found" messages.



Re: Accessing a DMZ network through VPN Client on PIX

I think you are mixing up Site-to-Site VPN's with remote access VPN's. You already have a site-to-site tunnel setup between the PIX and the device on the remote end. The PIX can be configured to encrypt traffic from all devices behind it and you do not need the VPN client software for that. All that you need to do is to configure the PIX to treat traffic from the device in question as interesting. However, if you still need to set up a VPN client behind the PIX, you should be able to do that but I don't think that you can use the same address.

CreatePlease to create content