Cisco Support Community

weird vpn


I have a client with a 5510 ASA with three interfaces configured: outside, dmz and inside. Outside and dmz are real IP addresses. The client wants a remote VPN to the network. The IP the VPN clients must connect to is the IP of the dmz interface of the ASA and they must have access to the inside network. I can't seem to make this work. What do I need to configure for this? I tried a VPN on the dmz interface and access-lists allowing access to the interface from the outside, but it doesn't work. I also tried a dynamic NAT policy stating that anything coming on the outside interface for the dmz interface IP is to be translated to the outside interface IP and I configured the VPN on the outside interface, but this doesn't work either. Any ideas?


Re: weird vpn


You can do any combination of the above.

If you have a public IP on one interface of the ASA (outside or DMZ) and it is reachable via the Internet, then you can terminate the VPN on either interface.

Then, with or without NAT you can access resources on any other interface. I have done it a lot of times.

Please explain a little bit better what you are trying to do.