Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site-to-Site VPN to DMZ

I have two sites UK/France that terminate on my ASA5510. They need access to our webservers in the DMZ. My configuration for the sites on my ASA are as follows:

access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 object-group UK-Networks (192.168.0.0/24)

access-list No-NAT-DMZ extended permit ip 172.16.110.0 255.255.255.0 object-group France-Networks (192.168.10.0/24)

access-list DMZ extended permit ip host iis-public-in01 object-group UK-Networks

access-list DMZ_access_out extended permit ip object-group UK-Networks host iis-public-in01

I'm not sure if my European counterparts have changed their settings as this has worked before. Now, they cannot see our webservers.

4 REPLIES
Green

Re: Site-to-Site VPN to DMZ

A few questions.

1. What are the access-group commands associated with your dmz acl's?

access-group DMZ in interface DMZ?

access-group DMZ_access_out out interface DMZ?

2. Is iis-public-in-01 a 172.16.110.x address? If not, it should be.

New Member

Re: Site-to-Site VPN to DMZ

1. You are correct

2. IIS-public-in01 is a 172.16.110.x/24 address

Cisco Employee

Re: Site-to-Site VPN to DMZ

Hello Jason,

Do you see the IPSEC SA Built for the two location mentioned above. Also, what do you see under encrypts and decrypts.

Below is an URL that has information on some of the most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Regards,

Arul

** Please rate if it helps **

New Member

Re: Site-to-Site VPN to DMZ

The UK firewall was not passing that subnet over to us. They recently upgraded and missed that statement.

Thanks for the assistance.

329
Views
6
Helpful
4
Replies