Cisco Support Community
New Member

Site to Site VPN allowing access to Citrix Server

Hi NetPro

Trying to set up a site-to-site VPN to allow a remote site access to the DMZ. I checked the cisco.com site but could not find any sample configuration using the "command line". Any pointers to the site or sample configs will be appreciated.

Regards

Hash

2 REPLIES
Silver

Re: Site to Site VPN allowing access to Citrix Server

First configure NAT. After this, the access-list x has to allow traffic coming from the DMZ network to the remote site. Example:

dmz net: 10.20.30.0

remote net: 10.20.40.0

Our acls must be

access-list nonat_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0

nat (dmz) 0 access-list nonat_dmz

Then the sysopt connection permit-ipsec command is there to allow traffic coming from outside to our inside networks.

sysopt connection permit-ipsec:

Implicitly permit any packet that came from an IPSec tunnel and bypass the checking of an associated access-list, conduit, or access-group command statement for IPSec connections.

Green

Re: Site to Site VPN allowing access to Citrix Server

Along with nat exemption, you must also add the interesting traffic to your crypto acl on both devices.

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806a5cea.shtml
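The two replies together imply a consistency check: the crypto ACLs on the two peers must mirror each other, and the interesting traffic must also be exempt from NAT. The following is an added example, not part of the thread: a Python check over two PIX configs that reuses the thread's example subnets; the names crypto_dmz, crypto_remote, nonat_remote and vpnmap, the "inside" interface on the remote peer, and both sample configs are constructed.

```python
import re

ACE = re.compile(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
CRYPTO = re.compile(r"crypto map \S+ \d+ match address (\S+)$")
NONAT = re.compile(r"nat \(\S+\) 0 access-list (\S+)$")

# Constructed sample configs (subnets from the thread, all names hypothetical).
SITE_A = """\
access-list nonat_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0
access-list crypto_dmz permit ip 10.20.30.0 255.255.255.0 10.20.40.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz
crypto map vpnmap 10 match address crypto_dmz
"""
SITE_B = """\
access-list nonat_remote permit ip 10.20.40.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list crypto_remote permit ip 10.20.40.0 255.255.255.0 10.20.30.0 255.255.255.0
nat (inside) 0 access-list nonat_remote
crypto map vpnmap 10 match address crypto_remote
"""

def parse(config):
    """Return (crypto entries, NAT-exempt entries) as sets of
    (src, src_mask, dst, dst_mask). Handles only 'permit ip net mask net mask'."""
    acls, crypto_names, nonat_names = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            acls.setdefault(m.group(1), set()).add(m.groups()[1:])
        elif m := CRYPTO.match(line):
            crypto_names.add(m.group(1))
        elif m := NONAT.match(line):
            nonat_names.add(m.group(1))
    collect = lambda names: set().union(*(acls.get(n, set()) for n in names))
    return collect(crypto_names), collect(nonat_names)

def check(local_cfg, peer_cfg):
    """List mismatches between the local config and the peer's crypto ACL."""
    crypto_l, nonat_l = parse(local_cfg)
    crypto_p, _ = parse(peer_cfg)
    # Swap source and destination so peer entries read from the local side.
    peer_view = {(d, dm, s, sm) for (s, sm, d, dm) in crypto_p}
    problems = [f"no mirror on peer: {' '.join(e)}" for e in sorted(crypto_l - peer_view)]
    problems += [f"peer entry not mirrored locally: {' '.join(e)}"
                 for e in sorted(peer_view - crypto_l)]
    problems += [f"not exempt from NAT: {' '.join(e)}" for e in sorted(crypto_l - nonat_l)]
    return problems

if __name__ == "__main__":
    print(check(SITE_A, SITE_B) or "crypto ACLs mirror each other and are NAT-exempt")
```

Run it against the ACL, nat 0 and crypto map lines copied from each firewall; an empty list means the two sides agree.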
