I am having an issue where my clients who establish a VPN connection with a PIX 515 cannot access the hosts on the DMZ. The VPN clients can access the hosts on the inside network without any problem. I have discovered that when I do a traceroute from a client machine that has established a VPN connection to a host on the DMZ, it tries to go through the computer's default gateway instead of the Cisco client. Any ideas?
When a client connects with the PIX via VPN, it is handed the internal DNS servers, and on the internal DNS server we have a host entry that says "www.whatever.com" 188.8.131.52 (this is the DMZ host). The clients on the inside of the network can access this host without problems; it is just the clients that establish a VPN connection. But the VPN clients can access "www.whatever.com" by using its public IP address. The problem is, if we remove the host entry on the DNS server so that the name "www.whatever.com" resolves to the public IP, the inside clients will not be able to access the DMZ host. Names and IP numbers are not the real ones; I am just using those as an example.