Cisco Support Community

New Member

Cisco PIX 515e - VPN

Hello,

We have configured vpn remote access on Cisco PIX 515e for all users to dial in to our internal network servers.

When I connect through VPN, I can access all my servers in the DMZ zone, but I cannot access any server in my internal network.

Can you please guide me on whether any rule is required to allow this?

Thanks in advance.

Kalpesh

1 REPLY
New Member

Re: Cisco PIX 515e - VPN

Kalpesh-

Let's say that the DMZ is 10.0.0.0 /24 and your Inside network is 192.168.1.0 /24. Lastly, the DHCP scope for your VPN clients is 192.168.100.0 /24.

You would need to have two NAT statements in order for the VPN users to reach both networks:

nat (dmz) 0 access-list DMZNONAT

nat (inside) 0 access-list INSIDENONAT

(or whatever you want to call the ACLs)

Then, setup your access-lists:

access-list INSIDENONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list DMZNONAT extended permit ip 10.0.0.0 255.255.255.0 192.168.100.0 255.255.255.0

If you are using split-tunneling you will need to add a line to the split-tunnel ACL for your inside network as well:

access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0

That should do it.

HTH,

Paul

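A small configuration check for the NAT exemption and split-tunnel ACLs that the reply above describes, added here as an example; it is not code from the thread or from Cisco. It parses `nat ... 0 access-list` and `access-list` lines out of a constructed config text (the interface names, ACL names and addresses are the hypothetical values from the reply, and the split-tunnel ACL deliberately omits the inside network) and reports, for each internal network, whether it is exempted from NAT toward the VPN pool and whether it is in the split-tunnel ACL. It assumes the PIX convention that the `nat 0` ACL's source is the network behind the named interface and its destination is the VPN pool; the function names are my own.

```python
import ipaddress
import re

# Constructed sample config in the style of the reply above. Interface
# names, ACL names and addresses are the reply's hypothetical values; the
# split-tunnel ACL deliberately lacks the inside network so the check flags it.
SAMPLE_CONFIG = """
nat (dmz) 0 access-list DMZNONAT
nat (inside) 0 access-list INSIDENONAT
access-list INSIDENONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list DMZNONAT extended permit ip 10.0.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.255.255.0
"""

NAT0_RE = re.compile(r"^nat ?\((\S+)\) 0 access-list (\S+)$")
EXT_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
STD_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")


def _net(addr, mask):
    # PIX writes dotted netmasks; ipaddress accepts "addr/mask" in that form.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    """Return (nat0: iface -> ACL name, ext: ACL -> [(src, dst)], std: ACL -> [net])."""
    nat0, ext, std = {}, {}, {}
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("!"):  # skip blanks and comment lines
            continue
        if m := NAT0_RE.match(line):
            nat0[m.group(1)] = m.group(2)
        elif m := EXT_RE.match(line):
            ext.setdefault(m.group(1), []).append(
                (_net(m.group(2), m.group(3)), _net(m.group(4), m.group(5))))
        elif m := STD_RE.match(line):
            std.setdefault(m.group(1), []).append(_net(m.group(2), m.group(3)))
    return nat0, ext, std


def nat_exempt(config, interface, local_net, vpn_pool):
    """True if the 'nat (interface) 0' ACL exempts local_net -> vpn_pool from NAT.

    On the PIX the ACL source is the network behind the named interface and
    the destination is the remote (VPN pool) side.
    """
    nat0, ext, _ = parse_config(config)
    acl = nat0.get(interface)
    if acl is None:
        return False
    local = ipaddress.ip_network(local_net)
    pool = ipaddress.ip_network(vpn_pool)
    return any(local.subnet_of(src) and pool.subnet_of(dst)
               for src, dst in ext.get(acl, []))


def in_split_tunnel(config, acl_name, net):
    """True if net is covered by an entry of the standard split-tunnel ACL."""
    _, _, std = parse_config(config)
    target = ipaddress.ip_network(net)
    return any(target.subnet_of(entry) for entry in std.get(acl_name, []))


def vpn_reachability_findings(config, vpn_pool, split_acl, networks):
    """Return a list of problems for each (interface, network) pair.

    A network missing from either the NAT exemption or the split tunnel shows
    the symptom from the question: VPN clients cannot reach it.
    """
    findings = []
    for interface, net in networks:
        if not nat_exempt(config, interface, net, vpn_pool):
            findings.append(f"{net} behind {interface}: no nat 0 exemption toward {vpn_pool}")
        if not in_split_tunnel(config, split_acl, net):
            findings.append(f"{net} behind {interface}: not in split-tunnel ACL {split_acl}")
    return findings


if __name__ == "__main__":
    for finding in vpn_reachability_findings(
        SAMPLE_CONFIG, "192.168.100.0/24", "SPLIT-TUNNEL",
        [("dmz", "10.0.0.0/24"), ("inside", "192.168.1.0/24")],
    ):
        print(finding)
```

Run against the sample, it reports only that 192.168.1.0/24 is missing from the split-tunnel ACL, which is exactly the remaining cause of "DMZ works, inside does not" once the NAT exemption is in place. The same script can be pointed at a `show running-config` dump to confirm the exemption direction before chasing the problem elsewhere.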