Cisco Support Community

New Member

VPN Client cannot connect to DMZ

I have a PIX with three LAN cards: inside, DMZ and outside. The VPN client connects and works fine with my services in the inside LAN, but I can't connect to my web servers in the DMZ. I can only connect to this server if I disconnect the VPN.

I tested many options of split tunnel, routes and others, and nothing worked.

3 REPLIES
Cisco Employee

Re: VPN Client cannot connect to DMZ

Usually, to reach the inside, you need a nat (inside) 0 access-list statement. Make sure you also have a nat (dmz) 0 access-list statement, and make sure that the DMZ knows to send replies for the VPN IP pool back to the DMZ interface of the PIX.

Regards,
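The NAT exemption described in the reply above, written out as an added example (not part of the original post). The interface name dmz is from the thread; the ACL names, the pool name and all addresses are constructed for illustration.

```cisco
! Constructed addressing (assumptions): inside 192.168.1.0/24,
! dmz 192.168.2.0/24, VPN client pool 10.10.10.0/24.
ip local pool vpnpool 10.10.10.1-10.10.10.254

! Exempt inside <-> VPN pool traffic from NAT (the statement that usually already exists).
access-list nonat_inside permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list nonat_inside

! The same exemption for the DMZ, using its own ACL bound to the dmz interface.
access-list nonat_dmz permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz

! Flush stale translations after changing NAT rules, then verify while a
! connected client tries a DMZ server: the nonat_dmz hit count should increase.
clear xlate
show nat
show access-list nonat_dmz
```

On the DMZ servers themselves, the default gateway or a route for the VPN pool has to point at the PIX dmz interface address, otherwise replies never return to the tunnel.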

New Member

Re: VPN Client cannot connect to DMZ

I have nat (inside) 0 access-list and nat (dmz) 0 access-list, and a static route to the VPN pool.

New Member

Re: VPN Client cannot connect to DMZ

I had a similar problem. I was using a private address pool on the VPN (10.1.13.0).

Got around this problem by:

nat (inside) 6 10.1.13.0 255.255.255.0 0 0

global (DMZ1) 6 10.1.13.1-10.1.13.254

You can assign a different address range to the global statement and avoid the warning about start and end addresses.
