Cisco PIX 515e - VPN

ciscokalpesh
Level 1

Hello,

We have configured remote-access VPN on a Cisco PIX 515E so that all users can dial in to our internal network servers.

When I connect through the VPN, I can access all my servers in the DMZ zone, but I cannot access any server on my internal network.

Can you please advise whether a rule is required to allow this?

Thanks in advance.

Kalpesh

1 Reply

pstebner10
Level 1

Kalpesh-

Let's say that the DMZ is 10.0.0.0/24 and your inside network is 192.168.1.0/24. Lastly, the DHCP scope for your VPN clients is 192.168.100.0/24.

You would need to have two NAT statements in order for the VPN users to reach both networks:

nat (dmz) 0 access-list DMZNONAT

nat (inside) 0 access-list INSIDENONAT

(or whatever you want to call the ACLs)

Then, set up your access lists. For a nat 0 (NAT-exemption) ACL, the source is the network behind the interface named in the nat statement and the destination is the VPN client pool:

access-list INSIDENONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list DMZNONAT extended permit ip 10.0.0.0 255.255.255.0 192.168.100.0 255.255.255.0

If you are using split tunneling, you will need to add a line to the split-tunnel ACL for your inside network as well:

access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0

That should do it.

HTH,

Paul
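The reply above lists the individual statements; the following is an added, consolidated example (not configuration from the original thread) showing how the NAT exemptions, the split-tunnel list and the group-policy binding fit together on a PIX 515E running 7.x software. The addresses are the ones used in the reply; the interface names, the pool name VPNPOOL, the group-policy name VPNUSERS, the tunnel-group name RAVPN and the ACL names are assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Names marked below are assumptions.
!
! 1. Address pool handed to VPN clients (the "DHCP scope" in the reply).
ip local pool VPNPOOL 192.168.100.1-192.168.100.254 mask 255.255.255.0
!
! 2. NAT exemption for both protected networks. In each ACL the source is the
!    network behind the interface named in the matching nat statement and the
!    destination is the VPN pool. Without the INSIDENONAT pair, inside hosts
!    are still translated when replying to VPN clients, which is the symptom
!    described in the question (DMZ reachable, inside not).
access-list INSIDENONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list DMZNONAT extended permit ip 10.0.0.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list INSIDENONAT
nat (dmz) 0 access-list DMZNONAT
!
! 3. Split-tunnel list: only these destinations are sent through the tunnel.
!    Everything listed here becomes reachable from the client, so list only
!    the networks VPN users actually need.
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0
!
! 4. Bind the list to the group policy used by the remote-access tunnel group
!    (VPNUSERS and RAVPN are assumed names).
group-policy VPNUSERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
tunnel-group RAVPN general-attributes
 address-pool VPNPOOL
 default-group-policy VPNUSERS
!
! 5. Decrypted VPN traffic bypasses the interface ACLs while this is set
!    (it is the default on 7.x; on 7.0 the keyword is permit-ipsec). If you
!    want the outside ACL to filter VPN users as well, remove it and permit
!    192.168.100.0/24 to the inside and DMZ networks in that ACL explicitly.
sysopt connection permit-vpn
```

To check the result after a client connects, `show running-config nat` confirms both nat 0 entries are present, `show access-list INSIDENONAT` and `show access-list DMZNONAT` show hit counts climbing for each network that is being reached, and `show crypto ipsec sa` shows the negotiated local and remote identities for the client, which should now include 192.168.1.0/24. Bear in mind that split tunneling leaves the client simultaneously attached to its local network and to yours; if that is not acceptable, use `split-tunnel-policy tunnelall` instead and drop the SPLIT-TUNNEL list, in which case the NAT exemptions above are still required.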