Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
2
Replies

VPN on DMZ

saluko
Level 1
Level 1

‎04-16-2002 08:46 AM - edited ‎02-21-2020 11:41 AM

Can vpn be terminated on a dmz if the address on that particular dmz is legal and registered?

The connection works on the outside interface, however, when i tried moving it to a dmz it didnt work even though the dmz's ip is register and I configured the pix as follows:

crypto map mymap interface dmz

isakmp enable dmz

isakmp client configuration address-pool local ipsecpool dmz

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

brad
Level 1
Level 1

‎04-16-2002 09:49 AM

You can terminate a VPN on any interface. You can even apply crypto maps to every interface independantly. Also note, the name 'dmz' is just a tag. You could rename the Interface to 'VPN'.

I suspect your problem is with Routing.

If you are tunneling private addresses, you will need to add a route for the remote LAN through the DMZ interface. You generally do not need this route when the crypto-map is applied to the outside interface because the remote LAN would be included in the default route statement (0.0.0.0).

For example: If you were to apply the crypto-map to the outside interface, but only configure a specific route for the peer network's public IP address, the connection would fail. You would have to add a route for the peer network's internal addressing as well.

0 Helpful

saluko
Level 1
Level 1
In response to brad

‎04-17-2002 12:20 AM

Thanks Brad, I'll check my routing and let you know the outcome.

0 Helpful
Customers Also Viewed These Support Documents