Cisco Support Community

New Member

PIX 506e VPN from DMZ back to Inside for Wireless

Greetings,

I have an IPSEC VPN set up on a PIX 506e for inbound traffic into the inside of the network. I also have a DMZ set up for wireless, trunked from a 2950. The wireless DMZ works great, and outside access works from both the inside and the DMZ. Inbound VPN works great, but not from a laptop connected wirelessly in the DMZ. The whole point here is to offer wireless clients access to the Internet, but only properly configured VPN clients get access to the internal network.

Any ideas?

Oh, and PAT on the outside, static address. Inside is a 192.168.1.0 and DMZ is 192.168.2.0.

1 REPLY
Silver

Re: PIX 506e VPN from DMZ back to Inside for Wireless

Add nonat config for the DMZ interface. For example, assume this configuration:

ip address inside 10.1.1.1 255.255.255.0

ip address dmz 172.16.1.1 255.255.255.0

ip local pool vpn_pool 192.168.1.1-192.168.1.254

access-list split_tunnel permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list split_tunnel

Enter these commands:

access-list split_tunnel permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (dmz) 0 access-list split_tunnel
