https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800913#M496525 <HTML><HEAD></HEAD><BODY><P>Hey, </P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>Maykol Rojas wrote:</P><P></P><P>Hi, </P><P></P><P>What kind of VPN are you using? </P><P></P></PRE><P>The local user access an IPSEC VPN on the REMOTE VPN SERVER.</P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">If the local PC needs to access the Remote service, it will need to connect to the IP address across the tunnel, so the remote service when replies back.&nbsp; <P></P><P>So your zone based should have a policy allowing from the local PC to the Remote service (in-zone to outside) and then another one (Out-zone to in-zone) </P></PRE><P>In ZBF, returning traffic from inspected outgoing traffic is permitted, is this right? Should I allow traffic from the remote LAN although it was permited the traffic from my LAN?</P></BODY></HTML> Thu, 06 Oct 2011 18:17:56 GMT Peter von Nostrand 2011-10-06T18:17:56Z https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800910#M496520 <P>Hello, I have a 3845 router (12.4(13r)T10) with ZBF. On my LAN there is a user who need to access a remote IPSEC VPN server. He is able to get the tunnel but afterwards he cannot connect to any service in the remote LAN. As I'm using zbf I think that I should inspect traffic from my LAN zone to EXT zone, There is a document that describe a solution to this? What IP adressess should I use? Thanks.</P> Mon, 11 Mar 2019 21:33:48 GMT https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800910#M496520 Peter von Nostrand 2019-03-11T21:33:48Z https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800911#M496521 <HTML><HEAD></HEAD><BODY><P>OK, let's try again. </P><P>A user from my local LAN is trying to access a REMOTE SERVICE through a REMOTE VPN SERVER. Since I'm using a Zone Based Firewall, what would be the rules to permit first the connection to the REMOTE VPN SERVER (using IPSEC) and second allow traffic from LOCAL PC to REMOTE SERVICE.</P><P>What IP numbers should I use to the source address? Those provided by the REMOTE VPN SERVER or my LOCAL ones. Any pointers will be appreciated. Thanks.</P><P></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/8/6/9/63968-CISCO-remote-vpn.png" class="jive-image" /></P></BODY></HTML> Wed, 05 Oct 2011 20:14:31 GMT https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800911#M496521 Peter von Nostrand 2011-10-05T20:14:31Z https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800912#M496523 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>What kind of VPN are you using? </P><P></P><P>If the local PC needs to access the Remote service, it will need to connect to the IP address across the tunnel, so the remote service when replies back.&nbsp; </P><P></P><P>So your zone based should have a policy allowing from the local PC to the Remote service (in-zone to outside) and then another one (Out-zone to in-zone) </P><P></P><P>Make sure that the policy is located at first, so other inspections will not hit first. </P><P></P><P>Mike. </P></BODY></HTML> Thu, 06 Oct 2011 05:13:05 GMT https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800912#M496523 Maykol Rojas 2011-10-06T05:13:05Z https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800913#M496525 <HTML><HEAD></HEAD><BODY><P>Hey, </P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>Maykol Rojas wrote:</P><P></P><P>Hi, </P><P></P><P>What kind of VPN are you using? </P><P></P></PRE><P>The local user access an IPSEC VPN on the REMOTE VPN SERVER.</P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">If the local PC needs to access the Remote service, it will need to connect to the IP address across the tunnel, so the remote service when replies back.&nbsp; <P></P><P>So your zone based should have a policy allowing from the local PC to the Remote service (in-zone to outside) and then another one (Out-zone to in-zone) </P></PRE><P>In ZBF, returning traffic from inspected outgoing traffic is permitted, is this right? Should I allow traffic from the remote LAN although it was permited the traffic from my LAN?</P></BODY></HTML> Thu, 06 Oct 2011 18:17:56 GMT https://community.cisco.com/t5/network-security/allow-local-user-access-to-remote-vpn/m-p/1800913#M496525 Peter von Nostrand 2011-10-06T18:17:56Z