503 dmz+vpn issues

Hi gents, I have a VPN tunnel on one of the PIXes which is working properly. The fact is the VPN connections can get through to the inside interface, but they don't see the DMZ. This is my configuration:

! NAT-exemption list: traffic from inside (192.168.1.0/24) to the remote
! subnets is excluded from PAT by "nat (inside) 0 access-list nonat_acl" below
access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list nonat_acl permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat_acl permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! Interfaces (intf2 is the DMZ), PAT to the interface addresses, and routing
ip address outside 10.200.100.253 255.255.0.0
ip address inside 192.168.1.1 255.255.255.0
ip address intf2 192.168.20.1 255.255.255.0
global (outside) 1 interface
global (intf2) 1 interface
nat (inside) 0 access-list nonat_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (intf2) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.200.100.250 1
route outside XX.XX.XX.XX 255.255.255.255 10.200.100.190

Does NAT cut the traffic? Do I have to make a special rule for the incoming VPN connections? Right now the access-list for those connections looks like this:

! Crypto (interesting-traffic) list referenced by the crypto map
access-list remote_acl permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list remote_acl permit icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0

So, will it be enough to add a line with the DMZ IP address?

Thanks for any help you can provide.

Sako
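
The NAT-exemption and crypto-ACL changes that the question is asking about, written out as an added example; this is not part of Sako's post and not a reply from the thread. It assumes the DMZ is intf2 (192.168.20.0/24, as in the posted config), that the remote VPN network is 192.168.5.0/24, that the crypto map which matches remote_acl is already applied to the outside interface, and that the PIX runs 6.x (the ip address / global / nat syntax shown). The ACL name dmz_nonat_acl is an assumption.

```cisco
! 1. NAT exemption for DMZ <-> VPN traffic.
!    On PIX 6.x "nat (if) 0 access-list" is evaluated per source interface,
!    so the existing "nat (inside) 0 access-list nonat_acl" does nothing for
!    hosts behind intf2. Their packets fall through to
!    "nat (intf2) 1 0.0.0.0 0.0.0.0", get PATed to the outside address, no
!    longer match remote_acl and never enter the tunnel. The exemption is
!    also what lets a VPN host (arriving on the lower-security outside
!    interface) reach a DMZ host: without a translation the PIX drops the
!    packet and logs %PIX-3-305005 "No translation group found".
access-list dmz_nonat_acl permit ip 192.168.20.0 255.255.255.0 192.168.5.0 255.255.255.0
nat (intf2) 0 access-list dmz_nonat_acl

! 2. Crypto ACL: the DMZ subnet must be "interesting" traffic as well, so it
!    negotiates its own IPsec SA. "permit ip" already covers ICMP, so the
!    separate icmp lines in remote_acl / nonat_acl are harmless but unneeded.
access-list remote_acl permit ip 192.168.20.0 255.255.255.0 192.168.5.0 255.255.255.0

! 3. Let decrypted IPsec traffic bypass outside_access_in. If this sysopt is
!    not set, outside_access_in needs explicit permits for
!    192.168.5.0/24 -> 192.168.20.0/24 (and the inside subnet).
sysopt connection permit-ipsec

! 4. NAT changes only apply to new translations; flush the old ones.
clear xlate

! Verification: after a VPN host pings a DMZ host, "show xlate" should show
! no PAT entry for the DMZ host towards outside, and "show crypto ipsec sa"
! should show a new SA for 192.168.20.0/24 <-> 192.168.5.0/24 with its
! encaps/decaps counters increasing.
show xlate
show crypto ipsec sa
```

The peer side needs the mirror image of step 2 (permit ip 192.168.5.0 255.255.255.0 192.168.20.0 255.255.255.0 in its crypto ACL) and, if it is also a PIX, its own nat 0 exemption for 192.168.20.0/24; a crypto ACL that is not an exact mirror of the peer's makes the new SA fail to negotiate even though the inside-to-192.168.5.0 SA keeps working.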

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.