VPN Termination on an interface other than "outside"
I have a rather perplexing situation here. I have a customer that is terminating VPN connections on a PIX520 with six interfaces. The VPN works great when terminating on the outside interface. We need to terminate a different VPN on one of the "dmz" interfaces. We are able to get the tunnel up and running just fine; however, the dynamic ACL that is being built will only allow ICMP traffic. We are currently running 5.2(2) code. Has anyone ever tried this and gotten it to work properly? Right now we have the TAC engineers completely stumped.
Re: VPN Termination on an interface other than "outside"
I have done it a few times using NAT 0 commands. Keep the VPN terminating outside, but in your interesting traffic create an access-list that addresses traffic from the DMZ to your remote site. Also include this in the NAT 0 command to bypass NAT for this traffic. With 5.2 it works great. It doesn't work with PL-COMPATIBLE.
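A sketch of the configuration the reply describes, added here as an illustration and not taken from either poster's device. The interface name `dmz`, the ACL and crypto map names, the transform set, and all addresses are constructed placeholders.

```cisco
: Constructed example values:
:   DMZ subnet   172.16.1.0/24
:   remote site  10.10.0.0/16
:   remote peer  203.0.113.10 (documentation address)

: Interesting traffic: DMZ hosts to the remote site only
access-list dmz_vpn permit ip 172.16.1.0 255.255.255.0 10.10.0.0 255.255.0.0

: Bypass NAT for exactly that traffic on the DMZ interface
nat (dmz) 0 access-list dmz_vpn

: The tunnel still terminates on the outside interface
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto map vpnmap 20 ipsec-isakmp
crypto map vpnmap 20 match address dmz_vpn
crypto map vpnmap 20 set peer 203.0.113.10
crypto map vpnmap 20 set transform-set vpnset
crypto map vpnmap interface outside
```

Keep the ACL scoped to the specific DMZ and remote subnets: the same list defines both what is encrypted and what is exempt from NAT, so a broad `permit ip any` entry would widen both.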