Hi there,

I have a PIX 515 with 3 interfaces: Inside (192.x.x.x and NAT), DMZ (official IP addresses) and Outside. I have configured L2TP/IPsec access for VPN clients. Everything works fine: the clients (Win2K and XP) can successfully establish a VPN connection with the firewall and I can also reach any client on the inside zone. What doesn't work is the connection from a VPN client to a client in DMZ or Outside (clients on the inside interface have perfect access to DMZ and Outside).

What's the CISCO philosophy behind L2TP/IPsec clients? Is there a possibility that VPN clients have internet access through the established secure tunnel (have I made a configuration mistake)? Or isn't this possible at all?

Thanks for your effort.
Hans
As for internet access through the secured tunnel, if you are terminating the IPSec on say the outside interface, the PIX would not redirect packets out the same interface it receives the packet on, so this would not work.
My L2TP VPN tunnel terminates on the outside interface. I can reach any host on the inside subnet, but I can't reach a host in DMZ. Is this just a configuration problem? Or can I basically reach any host on any subnet connected to an interface of the PIX, except for the one where the VPN tunnel terminates?