Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can a vpn client access my email server on DMZ Int ??

Hi people,

I have a 515r Pix with 6.3 version, and I have some remote users via vpn client accessing my internal network, fine, however I need that users can access my mail server which is in my DMZ interface, how can I do that ??

any help will be very useful.

thanks in advanced

martin

1 REPLY
Gold

Re: Can a vpn client access my email server on DMZ Int ??

1. create a new acl for dmz no-nat

2. add the dmz subnet to the remote vpn crypto acl

e.g.

access-list 110 permit ip 10.1.1.0 255.255.255.0

access-list 120 permit ip 10.1.1.0 255.255.255.0

access-list 120 permit ip 10.1.1.0 255.255.255.0

ip local pool vpnpool 10.1.1.11-10.1.1.15

nat (DMZ) 0 access-list 110

vpngroup vpnclient address-pool vpnpool

vpngroup vpnclient split-tunnel 120

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********

143
Views
0
Helpful
1
Replies
CreatePlease login to create content