Cisco Support Community
Community Member

Unity Client to Pix inside and dmz networks

Are there any problems that would prohibit a Unity Client to start connections to hosts on the pix inside and pix dmz networks at the same time?

Can you provide a link that describes the PIX side of the configuration for access to both networks not just the inside network?

4 REPLIES
Cisco Employee

Re: Unity Client to Pix inside and dmz networks

There aren't any problems with this; you just have to make sure you bypass NAT for traffic from both interfaces going to your VPN pool of addresses. The PIX will take care of the routing, etc.

For example, your config would look like this:

ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonat
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

Hope that helps.

Community Member

Re: Unity Client to Pix inside and dmz networks

Very Helpful, Thank you!

Would I also need a nat (dmz) 0 access-list nonat statement for the DMZ hosts to bypass nat?

Cisco Employee

Re: Unity Client to Pix inside and dmz networks

Whoops, yep sorry, brain fade on my part, disregard my first email. Your configuration would look like this:

! Interface addressing
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
! Address pool handed out to the Unity (VPN) clients
ip local pool vpnpool 192.168.1.1-192.168.1.254
! NAT exemption (nat 0) is bound per interface: every interface the VPN
! clients must reach needs its own nat 0 statement and its own access-list
nat (inside) 0 access-list nonatinside
nat (dmz) 0 access-list nonatdmz
! Exempt inside-subnet -> VPN-pool traffic from NAT
access-list nonatinside permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
! Exempt dmz-subnet -> VPN-pool traffic from NAT
access-list nonatdmz permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

Hope that helps.

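A small configuration check, added here as an illustration and not part of the thread or of any Cisco tool: it parses the PIX 6.x lines used above (interface addresses, the VPN pool, nat 0 bindings and access-list entries) and reports any interface that does not exempt its subnet-to-pool traffic from NAT, which is exactly the slip the first reply made. The sample configs are constructed from the accepted answer; interface and ACL names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the corrected PIX config from the accepted answer.
CONFIG_OK = """\
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip local pool vpnpool 192.168.1.1-192.168.1.254
nat (inside) 0 access-list nonatinside
nat (dmz) 0 access-list nonatdmz
access-list nonatinside permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonatdmz permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
"""
# Same config with the dmz NAT-exemption statement left out (the first reply's slip).
CONFIG_MISSING_DMZ = "\n".join(
    l for l in CONFIG_OK.splitlines() if not l.startswith("nat (dmz)"))


def parse(config):
    """Collect interface subnets, the VPN pool, nat-0 bindings and ACL entries."""
    ifaces, pool, nat0, acls = {}, None, {}, {}
    for line in config.splitlines():
        if m := re.match(r"ip address (\S+) (\S+) (\S+)$", line):
            ifaces[m[1]] = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
        elif m := re.match(r"ip local pool \S+ (\S+)-(\S+)$", line):
            pool = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line):
            nat0[m[1]] = m[2]
        elif m := re.match(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", line):
            src, dst = ipaddress.ip_network(f"{m[2]}/{m[3]}"), ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acls.setdefault(m[1], []).append((src, dst))
    return ifaces, pool, nat0, acls


def check_vpn_nat_exemption(config, vpn_ifaces=("inside", "dmz")):
    """Return problems found; an empty list means every listed interface bypasses NAT to the pool."""
    ifaces, pool, nat0, acls = parse(config)
    problems = []
    for name in vpn_ifaces:
        acl = nat0.get(name)
        if acl is None:
            problems.append(f"{name}: no 'nat ({name}) 0 access-list ...' statement")
            continue
        # Exempt only if some entry of the bound ACL covers the interface subnet as
        # source and the whole pool (both ends of a contiguous range) as destination.
        if not any(ifaces[name].subnet_of(src) and pool[0] in dst and pool[1] in dst
                   for src, dst in acls.get(acl, [])):
            problems.append(f"{name}: ACL {acl} does not exempt {ifaces[name]} -> pool")
    return problems
```

Running the check against the first reply's style of config reports the dmz interface; against the accepted configuration it reports nothing.
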
Community Member

Re: Unity Client to Pix inside and dmz networks

That helps very much. Thank you!
