Cisco Support Community

[cisco asa5510] routing between dmz and inside + vpn doesnt work

I have the following problem: I have a Cisco ASA 5510 and use 3 interfaces of it (outside, inside and DMZ). On the inside I have several VLANs.

Now I have configured VPN and that works fine, so I started to configure the DMZ for the mailserver. I followed the Cisco documentation for it.

But when I have inserted all the commands, the VPN connection doesn't work anymore.

My configuration is as follows:

; ----------DMZ--------mailserver (

; internet--------------[asa 5510]---------inside/vlan600(

; --------VPN(

Then I add the commands for the mailserver:


access-list outside_int extended permit tcp any host eq smtp

access-list dmz_int extended permit tcp host any eq smtp

static (vlan600,dmz) netmask

static (dmz,outside) netmask

access-group outside_int in interface outside

access-group dmz_int in interface dmz


It goes wrong when I add the command:

static (vlan600,dmz) netmask

and I have no idea why?

Is there somebody who can help me?


Sebastiaan Moens


Re: [cisco asa5510] routing between dmz and inside + vpn doesnt

Forgot to add my running config.

Re: [cisco asa5510] routing between dmz and inside + vpn doesnt


I don't see why that last line would cause any problem but... I wonder.

You added an ACL to the outside interface. Does the ASA add a hole for IPsec in a magical way? PIX OS doesn't. I would try permitting ESP and ISAKMP. If it doesn't work, gather some logs by raising the logging level to debug level.
