weird vpn

sergiu.campian
Level 1

Hi,

I have a client with a 5510 ASA with three interfaces configured: outside, dmz and inside. Outside and dmz are real IP addresses. The client wants a remote VPN to the network. The IP the VPN clients must connect to is the IP of the dmz interface of the ASA, and they must have access to the inside network. I can't seem to make this work. What do I need to configure for this? I tried a VPN on the dmz interface and access-lists allowing access to the interface from the outside, but it doesn't work. I also tried a dynamic NAT policy stating that anything coming in on the outside interface for the dmz interface IP is to be translated to the outside interface IP, and I configured the VPN on the outside interface, but this doesn't work either. Any ideas?

1 Reply

Hi,

You can do any combination of the above.

If you have a public IP on one interface of the ASA (outside or DMZ) and it is reachable via the Internet, then you can terminate the VPN on either interface.

Then, with or without NAT you can access resources on any other interface. I have done it a lot of times.

Please explain a little better what you are trying to do.

Federico.
