We have a PIX 515E running IOS 6.3 with 3 interfaces (inside, dmz & outside).
The inside network is 192.168.1.0/24, and the DMZ is 172.16.1.0/24. All VPN clients are assigned addresses in the range 192.168.10.1 to 192.168.10.254.
Connecting via the Cisco VPN client, we can access all PCs on the 192.168.1.x network. All PCs on the 192.168.1.x network can access the web server on the DMZ (172.16.1.2). However, using the VPN client we cannot connect to the web server on the DMZ. We can telnet to 172.16.1.2 from a command prompt to port 3389 (Terminal Services), but cannot connect using the Terminal Services client.
ALL addresses on the "inside" network are NAT'd to 172.16.1.x addresses when connecting to the DMZ - this works fine for all 192.168.1.x PCs - but does not seem to work for 192.168.10.x addresses assigned to VPN clients. We also have an ACL excluding 192.168.1.x to 192.168.10.x traffic from being NAT'd.
The VPN clients are assigned addresses on the 192.168.10.x network. The internal network is 192.168.1.x. The DMZ network is 172.16.1.x. Should the VPN clients be assigned addresses on the 192.168.1.x network?
I have configured the split-tunnel ACL to allow traffic as follows:
192.168.1.x to 192.168.10.x
192.168.10.x to 172.16.1.x
172.16.1.x to 192.168.10.x
There is also a NAT (inside) 0 split-tunnel ACL statement.
However, I still can't access the DMZ machines using their 172.16.1.x addresses via the VPN client. All 192.168.1.x PCs can access the DMZ machines.