topic Re: VPN Client w/ a DMZ in Network Security

VPN Client w/ a DMZ

jfinley — Fri, 21 Feb 2020 09:29:15 GMT

I have a PIX 515 with 3 interfaces (inside,outsize,dmz)

When connecting using the Cisco Client VPN, I can access the inside no problem, however, I cannot access anything on the DMZ. I added the NAT 0 ACL line to include DMZ_network and the VPN_CLIENT_POOL network. I also added the split-tunnel respectively with no success. Any clues what to check? I connect to the PIX w/ the client and try to ping an IP and looking at the NAT 0 ACL, I don't see any hits on that line.

Re: VPN Client w/ a DMZ

acomiskey — Mon, 16 Apr 2007 19:37:43 GMT

You cannot just add the acl line to the existing nat exemption acl because the nat statement is nat ("inside") 0, not DMZ. The best thing to do is to create a second acl for the dmz nat exemption

access-list dmz_nat0_outbound permit ip

nat (DMZ) 0 access-list dmz_nat0_outbound

Re: VPN Client w/ a DMZ

jfinley — Mon, 16 Apr 2007 19:52:35 GMT

DOH! You're right. I sat there for like 20-30 minutes knowing I was overlooking something and as soon as I read "nat('inside') it clicked! Thank you!