Cisco Support Community
New Member

[cisco asa5510] routing between dmz and inside + vpn doesn't work

I have the following problem: I have a Cisco ASA 5510 and use 3 interfaces of it (outside, inside and DMZ). On the inside I have several VLANs.

Now I have configured VPN and that works fine, so I started to configure the DMZ for the mailserver. I followed the Cisco documentation for it: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml

But when I have inserted all the commands, the VPN connection doesn't work anymore.

My configuration is as follows:

; ----------DMZ--------mailserver (192.168.2.2)

; internet--------------[asa 5510]---------inside/vlan600(192.168.6.0)

; --------VPN(192.168.45.0)

Then I add the commands for the mailserver:

[code]
access-list outside_int extended permit tcp any host 146.76.18.20 eq smtp
access-list dmz_int extended permit tcp host 192.168.2.2 any eq smtp
static (vlan600,dmz) 192.168.6.0 192.168.6.0 netmask 255.255.255.0
static (dmz,outside) 146.76.18.20 192.168.2.2 netmask 255.255.255.255
access-group outside_int in interface outside
access-group dmz_int in interface dmz
[/code]

It goes wrong when I add the command:

static (vlan600,dmz) 192.168.6.0 192.168.6.0 netmask 255.255.255.0

and I have no idea why.

Is there somebody who can help me?

Regards,

Sebastiaan Moens

2 REPLIES
New Member

Re: [cisco asa5510] routing between dmz and inside + vpn doesn't

Forgot to add my running config.

Re: [cisco asa5510] routing between dmz and inside + vpn doesn't

Hi,

I don't see why that last line would cause any problem but... I wonder.

You added an ACL to the outside interface. Does the ASA add a hole for IPsec in a magical way? PIX OS doesn't. I would try permitting esp and isakmp. If it doesn't work, gather some logs by raising the logging level to debug level.

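The check proposed in the last reply, as an added example that is not part of the original thread: a small Python audit that reports whether the inbound ACL bound to an interface contains explicit permits for ESP and ISAKMP. The sample input is constructed from the lines quoted in the first post; the function names are hypothetical, and the script only reports what the ACL contains, not whether that is the cause of the VPN failure.

```python
import re

# Constructed sample: the ACL and access-group lines quoted in the original post.
SAMPLE_CONFIG = """\
access-list outside_int extended permit tcp any host 146.76.18.20 eq smtp
access-list dmz_int extended permit tcp host 192.168.2.2 any eq smtp
access-group outside_int in interface outside
access-group dmz_int in interface dmz
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+(\S+)\s+(.*)$", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$", re.I)


def parse(config):
    """Return ({acl: [(protocol, remainder), ...]}, {interface: acl}) for permit lines."""
    acls, bindings = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3).lower()))
        elif m := GROUP_RE.match(line):
            bindings[m.group(2)] = m.group(1)
    return acls, bindings


def missing_ipsec_permits(config, interface="outside"):
    """List which of ESP and UDP/ISAKMP have no explicit permit in the inbound ACL
    bound to `interface`; return None when no ACL is bound there.
    Simplification: deny entries and entry order are not evaluated."""
    acls, bindings = parse(config)
    acl = bindings.get(interface)
    if acl is None:
        return None
    entries = acls.get(acl, [])
    # "permit ip any any" covers every IP protocol, so it satisfies both checks.
    any_ip = any(p == "ip" and r.startswith("any any") for p, r in entries)
    has_esp = any(p in ("esp", "50") for p, _ in entries)
    # Destination port only: the "eq isakmp" must close the entry.
    has_ike = any(p == "udp" and re.search(r"\beq\s+(isakmp|500)$", r) for p, r in entries)
    missing = []
    if not (any_ip or has_esp):
        missing.append("esp")
    if not (any_ip or has_ike):
        missing.append("udp/isakmp")
    return missing


if __name__ == "__main__":
    print(missing_ipsec_permits(SAMPLE_CONFIG))
```
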