Cisco Support Community

New Member

question about vpn in dmz

I put my Cisco 3015 VPN box in my DMZ - I set up a rule to allow 500/udp in and out (that works fine), but I want to make sure I set up the correct rules for the VPN box to communicate with my internal network and vice versa.

Both my dmz and internal network use nat

dmz 192.168.2.0

internal 192.168.1.0

public x.x.x.x

pix commands:

static (inside, dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

access-list acl_outbound permit any host 192.168.2.3

access-list acl_dmz permit host 192.168.2.3 any

Are these ACLs correct?

thanks for any info!

:)

Jenn

1 REPLY
Silver

Re: question about vpn in dmz

To my understanding the first command allows the inside hosts to access the DMZ without being NAT'ed. The last access list allows access to the host 192.168.2.3 which is inside the DMZ zone to everyone. Not sure what the second access list does.
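A lint for ACL lines like the two posted in the question, as an added example that is not part of the original thread: it flags entries with no protocol keyword after `permit`/`deny` (PIX `access-list` entries name a protocol such as `ip` or `udp` before the addresses) and permits that match `any` source or destination across all of IP. The finding names, the protocol subset and the function names are assumptions of this example.

```python
# Added example (not from the thread): lint PIX-style access-list lines.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "esp", "ah", "gre"}  # assumed subset
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operator -> arg count

# The two ACL lines exactly as posted in the question.
POSTED_ACLS = [
    "access-list acl_outbound permit any host 192.168.2.3",
    "access-list acl_dmz permit host 192.168.2.3 any",
]


def take_endpoint(tokens):
    """Consume 'any' | 'host ADDR' | 'ADDR MASK', plus an optional port operator."""
    if tokens and tokens[0] == "any":
        spec, rest = "any", tokens[1:]
    elif len(tokens) >= 2:
        spec, rest = " ".join(tokens[:2]), tokens[2:]
    else:
        raise ValueError("incomplete-address")
    if rest and rest[0] in PORT_OPS:
        rest = rest[1 + PORT_OPS[rest[0]]:]
    return spec, rest


def lint_acl(line):
    """Return finding codes for one 'access-list <id> permit|deny ...' line."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        return ["not-an-acl-entry"]
    action, rest, findings = tokens[2], tokens[3:], []
    proto = rest[0].lower()
    if proto in PROTOCOLS or proto.isdigit():  # keyword or IP protocol number
        rest = rest[1:]
    else:
        proto = None
        findings.append("missing-protocol")
    try:
        src, rest = take_endpoint(rest)
        dst, rest = take_endpoint(rest)
    except ValueError as err:
        return findings + [str(err)]
    # An unrestricted 'any' matters most when every protocol and port is allowed.
    if action == "permit" and proto in (None, "ip"):
        if src == "any":
            findings.append("any-source")
        if dst == "any":
            findings.append("any-destination")
    return findings


if __name__ == "__main__":
    for acl in POSTED_ACLS:
        print(acl, "->", lint_acl(acl))
```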
