503 dmz+vpn issues|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||
|
Posted by Sako on December 14, 2005, 11:19 am
Please log in for more thread options
propperly. The fact is the vpn connections can get tru the inside interface , but they don't see the dmz . This is my configuration: access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.6.0 255.255.255.0 access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.6.0 255.255.255.0 access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0 access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0 access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 ip address outside 10.200.100.253 255.255.0.0 ip address inside 192.168.1.1 255.255.255.0 ip address intf2 192.168.20.1 255.255.255.0 global (outside) 1 interface global (intf2) 1 interface nat (inside) 0 access-list nonat_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (intf2) 1 0.0.0.0 0.0.0.0 0 0 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 10.200.100.250 1 route outside XX.XX.XX.XX 255.255.255.255 10.200.100.190 Does NAT cut the traffic ? do I have to make a special rule for the incoming vpn connections ? now the access-list for those connections look like this access-list remote_acl permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list remote_acl permit icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0 So , will it be enough to add a line with the dmz ip address ? Thanks for any help you can provide me . | |||||||
| Similar Threads | Posted |
| 503 dmz+vpn issues | December 14, 2005, 11:19 am |
| 503 dmz+vpn issues | December 14, 2005, 11:19 am |
| NAT issues | March 12, 2007, 9:29 pm |
| VPN Issues on 837 | March 23, 2007, 9:08 am |
| ASA OS QA issues?? | May 30, 2007, 1:18 pm |
| BGP issues | June 27, 2008, 3:59 pm |
| Cisco VPN issues | August 2, 2005, 6:30 pm |
| VLAN Issues | September 22, 2005, 4:18 pm |
| IOS ipsec issues | October 11, 2005, 2:59 am |
| PIX 501 newbie (VPN issues) | October 31, 2005, 4:38 pm |
| VPN Internet Issues | January 8, 2006, 8:56 am |
| VPN Internet Issues | January 8, 2006, 8:55 am |
| VPN Internet Issues | January 8, 2006, 8:57 am |
| cisco 837 ip issues | January 26, 2006, 2:00 pm |
| Switch Issues | March 10, 2006, 6:01 pm |
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |