DMZ to VPN (Outside)

NetworkGuy! · ‎12-04-2018

Hi

My setup is at follows

Inside-------Firewall

|

Guest DMZ

Now if i wanted to VPN (anyconnect) from Guest DMZ to Firewall on the outside public address - is it possible? we have only 1 publi address and same address is used for NATting Inside and Guest networks

I have enabled same-security intra interface and does not work

Abheesh Kumar · ‎12-04-2018

Hi,
So you would like to enable remote access vpn (anyconnect ) for Guest DMZ users right...?

NetworkGuy! · ‎12-05-2018

I am not sure if I understand your question but I want Guest DMZ users to be able to anyconnect back in to the public interface, got it?

Abheesh Kumar · ‎12-05-2018

So from public Internet you need to connect to Guest DMZ network via anyconnect. I think this is what you are planning to achieve.
This can be possible by enabling remote access vpn on OUTSIDE interface and allow the VPN-Pool(anyconnect Pool) to access Guest DMZ subnet.

HTH
Abheesh

NetworkGuy! · ‎12-06-2018

No! I need to access anyconnect from DMZ Guest network

basically imagine the dmz subnet is 192.168.1.0/24 and when it leaves the firewall its NATd to 102.1.1.1 - I need users from 192.168.1.0/24 to connect to anyconnect on 102.1.1.1 (outside interface of firewall where anyconnect is running)

Abheesh Kumar · ‎12-06-2018

Hi,
You cannot do anyconnect from DMZ to your own outside interface.

HTH
Abheesh