I think I'm doing something fairly obvious but hopefully someone can point it out.
We have a PIX 515 with an IPSEC VPN configured. Connecting to the VPN from the outside interface works fine using the outside interface IP and connecting to the VPN using the DMZ interface IP is okay.
What we'd like is to have DMZ users (who are typically wireless in the building) use the same DNS name to connect from the DMZ as they would from the outside. When they try to connect to the outside IP, it fails.
We are doing static NAT for some servers and have an IPSEC VPN configured on the PIX. Beyond the PIX, there is a secondary NAT done on a router to map the 10.20.XX to Internet-accessible IPs. Users from the outside network connect to the Internet IP address, which is translated to 10.20.0.10, and are able to authenticate and establish the tunnel fine.
On the DMZ, we have users connected (via WIFI). They are not able to DNS lookup the public IP of the PIX, just the outside one 10.20.0.10. When they attempt to connect to this IP, it fails. If they instead connect to the external public IP, it works.
I also tried attempting to use the DMZ IP, 192.168.2.1 as the VPN endpoint but it doesn't work either.
The outside interface seems to have a NAT for the VPN network.
If you would like the VPN for DMZ users to terminate on the dmz interface, you need to apply the related crypto map to the dmz interface, like you did on the outside interface. Your DMZ users must be able to reach the dmz interface IP "192.168.2.1". I am not sure how your DMZ users are connected to your network.