Accessing DMZ through a SSL VPN

Hello,

I set up WebVPN on a 1811 router. It works fine to access the LAN (10.1.114.0/24), but I am unable to join the DMZ (192.168.22.0/24), whereas it works if I am physically connected to the LAN, so I don't think it comes from my ACLs! I can't understand why... I guess something dealing with TCP sessions, not "recognized" properly when coming from the VPN? Here is the result of a "debug ip packet" from my SSL VPN connection to a mail server in the DMZ:

Feb 12 15:49:26.204: IP: tableid=0, s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), routed via FIB

Feb 12 15:49:26.204: IP: s=10.1.114.146 (local), d=192.168.22.7 (Vlan22), g=192.168.22.7, len 48, forward

Feb 12 15:49:26.204: TCP src=2086, dst=25, seq=854948936, ack=0, win=65535 SYN

Feb 12 15:49:26.204: %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.168.22.7(25) -> 10.1.114.146(2086), 1 packet

Feb 12 15:49:26.204: IP: s=192.168.22.7 (Vlan22), d=10.1.114.146, len 48, access denied

Feb 12 15:49:26.204: TCP src=25, dst=2086, seq=2435898321, ack=854948937, win=5840 ACK SYN

Re: Accessing DMZ through a SSL VPN

The security appliance receives the packet and, because it is a new session, the security appliance verifies that the packet is allowed according to the terms of the security policy (access lists, filters, AAA) and checks if you have applied a NAT policy.
