Cisco Support Community

New Member

Site to Site VPN with access to remote DMZs

Hi all,

I have a site to site VPN, with site A being 172.16.1.x and site B being 172.16.2.x.

Site B also has DMZs 192.168.1.x, 192.168.2.x, 192.168.3.x and 192.168.4.x.

The site to site VPN works as expected, but I would like users in site A to be able to reach services in site B's DMZs. I'm just using a host in 192.168.1.x for testing.

I've added the following to site A's nonat and VPN ACLs:

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 101 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

I see the hit counts for these rules increment as I attempt to access the test service.

At site B I've then added access for site A's hosts to reach the DMZ hosts:

access-list insidein permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq https

But never see this hit counter increment when I request an HTTPS page from a host in DMZ1.

What rule have I missed?

Many thanks.

2 REPLIES
Anonymous
N/A

Re: Site to Site VPN with access to remote DMZs

New Member

Re: Site to Site VPN with access to remote DMZs

Sorry, but having read through this all I see is information on creating various site-to-site VPNs to connect internal networks - which I already have working here.

I didn't see anything regarding accessing the DMZs of the remote PIXs, did I miss something?
