Cisco Support Community

New Member

VPN setup

There are 2 sites: Location A & Location B

(Location B is shown as a small rectangle in the bottom left corner & the rest are all part of Loc A)

If SSL-based VPN is to be done at Loc A, users coming in from the internet would come through the internet router and to the SSL firewall with public IP 65.23.14.56.

Users will be given 192.168.2.0/24 as the IP pool address for VPN.

There is another firewall which connects to the internal LAN. The connection between these zones is through a connecting zone (IPs as given in diagram).

Now the requirement is that any user connecting via this VPN should be able to access certain services at Loc B (includes ICMP, SSH, traceroute) along with other servers.

Please help me understand what to configure on both the VPN firewall & the internal firewall to enable this access.

It would help me if some sample firewall rules (NAT, ACL) can be given based on the given situation.

Thanks.

2 REPLIES
Bronze

Re: VPN setup

You have to configure routing to network B and an ACL in the firewall to allow the certain services. You also want to configure static NAT; if you have configured it already, then no issues.

You have to apply the ACL on the inside interface in the firewall which is coming from the internet.

New Member

Re: VPN setup

Is it wise to configure access rules on both the SSL firewall & the internal firewall?

Or to have more specific rules on the internal firewall?

Which one of these, or any other method, is more efficient?

Thanks.
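An added example, not part of any post in this thread: a small Python model of the two firewalls in series, showing that a VPN user's flow reaches Location B only when both rule sets permit it, and which device drops it otherwise. The Location B subnet, the rule sets, the firewall names and the UDP range used for traceroute probes are assumptions, since the diagram is not on the page.

```python
import ipaddress

# VPN pool is from the original post; the Location B subnet is a
# hypothetical placeholder because the diagram is not available.
VPN_POOL = ipaddress.ip_network("192.168.2.0/24")
LOC_B = ipaddress.ip_network("10.20.0.0/24")

# Services named in the post. Traceroute is modelled as classic UDP probes
# (33434-33534, an assumption); ICMP-based traceroute falls under "icmp".
SERVICES = [("icmp", None), ("tcp", (22, 22)), ("udp", (33434, 33534))]

# Rule tuple: (action, src_net, dst_net, proto, (port_lo, port_hi) or None)
VPN_FW = [("permit", VPN_POOL, LOC_B, proto, ports) for proto, ports in SERVICES]
INTERNAL_FW = [  # constructed rule set that forgot the traceroute UDP range
    ("permit", VPN_POOL, LOC_B, "icmp", None),
    ("permit", VPN_POOL, LOC_B, "tcp", (22, 22)),
]
CHAIN = [("vpn-fw", VPN_FW), ("internal-fw", INTERNAL_FW)]


def decide(rules, src, dst, proto, port=None):
    """First matching rule wins; no match is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, r_proto, ports in rules:
        if r_proto != proto or s not in src_net or d not in dst_net:
            continue
        if ports is None or (port is not None and ports[0] <= port <= ports[1]):
            return action
    return "deny"


def path_allows(chain, *flow):
    """Return (True, None) if every firewall permits, else (False, blocker)."""
    for name, rules in chain:
        if decide(rules, *flow) != "permit":
            return False, name
    return True, None


if __name__ == "__main__":
    for flow in [("192.168.2.10", "10.20.0.5", "tcp", 22),
                 ("192.168.2.10", "10.20.0.5", "udp", 33434),
                 ("192.168.2.10", "10.20.0.5", "tcp", 23)]:
        print(flow, path_allows(CHAIN, *flow))
```
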
