VPN Termination on an interface other than "outside"

peter.sprygada
Level 1

I have a rather perplexing situation here. I have a customer that is terminating VPN connections on a PIX520 with six interfaces. The VPN works great when terminating on the outside interface. We need to terminate a different VPN on one of the "dmz" interfaces. We are able to get the tunnel up and running just fine; however, the dynamic ACL that is being built will only allow ICMP traffic. We are currently running 5.2(2) code. Has anyone ever tried this and gotten it to work properly? Right now we have the TAC engineers completely stumped.

3 Replies

tterrance
Level 1

Sounds like a bug. Has your TAC engineer sent this to the development team?

s.munzani
Level 1

I have done it a few times using NAT 0 commands. Keep the VPN terminating on outside, but in your interesting traffic create an access-list that addresses traffic from the DMZ to your remote site. Also include this in the NAT 0 command to bypass NAT for this traffic. With 5.2 it works great. It doesn't work with PL-COMPATIBLE.

Sam
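The NAT 0 approach Sam describes, written out as a PIX configuration fragment. This is an added illustration, not configuration from the thread or from Cisco; the interface name dmz, the 10.10.20.0/24 DMZ network, the 192.168.50.0/24 remote network and the 203.0.113.10 peer are constructed placeholders, and the command forms are the PIX 5.x/6.x syntax as I know it.

```cisco
: Interesting traffic: DMZ hosts talking to the remote site (placeholder networks)
access-list dmz_to_remote permit ip 10.10.20.0 255.255.255.0 192.168.50.0 255.255.255.0

: Bypass NAT for exactly that traffic so the inner packets keep their real DMZ addresses
nat (dmz) 0 access-list dmz_to_remote

: ISAKMP phase 1 stays on the outside interface, where the tunnel still terminates
isakmp enable outside
isakmp key <pre-shared-key> address 203.0.113.10 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: IPsec phase 2; the crypto map reuses the same ACL as its match address
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address dmz_to_remote
crypto map vpnmap 10 set peer 203.0.113.10
crypto map vpnmap 10 set transform-set strong
crypto map vpnmap interface outside

: Let decrypted IPsec traffic bypass the interface access lists and conduits
sysopt connection permit-ipsec
```

The one ACL serves both the NAT exemption and the crypto map on purpose: if the two ever diverge, DMZ traffic gets translated before it reaches the crypto map and never matches the tunnel. After bringing it up, `show crypto ipsec sa` should list the DMZ subnet as the local identity for that peer.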

ozan.ocal
Level 1

Hi Peter,

I think this is an IOS issue on the FW. In order to terminate the VPN on one of the inside interfaces you may check the release notes of the IOS.

HTH
