ASA pass-through L2TP ipsec to dmz

Hi

We have a VPN server (router, L2TP/IPsec) on the DMZ interface, and we want to allow L2TP/IPsec VPN traffic to pass through from outside to the DMZ.

 

My sample config:

object network vpn-router
 host 192.168.1.200
 nat (dmz,outside) static *.*.*.* (public IP address)

access-list outside-to-in extended permit ip any any (for test, I allow all traffic in)
access-group outside-to-in in interface outside

access-list mpf extended permit udp any any eq 4500
access-list mpf extended permit udp any any eq 500
access-list mpf extended permit esp any any
access-list mpf extended permit ah any any

class-map mpf-class
 match access-list mpf

policy-map global_policy
 class mpf-class
  inspect ipsec-pass-thru

service-policy global_policy global

 

 

But no VPN clients can connect from outside.

 
