Cisco Support Community

New Member

VPN Tunnel to DMZ

hi there,

I work with a PIX 515. I have vpn (L2TP/IPsec) configured to terminate on the outside interface and this just works perfectly fine. the user can establish a connection and access the necessary host on inside and dmz.

now I would like to move the tunnel termination to a perimeter interface, e.g. vpn.

I have changed the following entries, but it still doesn't work.

vpdn enable vpn

isakmp enable vpn

crypto map partner-map interface vpn

checking the log file of the syslog server shows that the udp inbound connection to the vpn interface ip could be established successfully (on port 1701) but it seems like the firewall doesn't respond to this request.

any advice?

(by the way: substituting the perimeter vpn to outside in the entries above and vpn tunnel can be established successfully by the remote clients)

thanks

hans

1 REPLY
Cisco Employee

Re: VPN Tunnel to DMZ

I think you forgot NAT(interface name) 0 access-list # .

Regards,
