cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1018
Views
0
Helpful
0
Replies

ASA pass-through L2TP ipsec to dmz

Hi

we have VPN server( Router l2tp ipsec ) on the DMZ interface, we want to allow vpn l2tp ipsec traffic to pass through outside to Dmz

 

my sample config :

 

object network vpn-router

host 192.168.1.200

nat (dmz,outside) static *.*.*.* (public ip address )

 

access-list outside-to-in extended permit ip any any ( for test , i allow all traffic to in )

access-group  outside-to-in in interface outside

 

access-list mpf extended permite  udp any any 4500

access-list mpf extended permite  udp any any 500

access-list mpf extended permite  esp any any 

access-list mpf extended permite  ah any any

 

class-map mpf-class

match access-list mpf

 

policy-map global_policy

class mpf-class

inspect ipsec-pass-thru

 

service-policy global_policy global

 

 

BUT :

NO any vpn clients connect from outside

 

0 REPLIES 0
Create
Recognize Your Peers
Content for Community-Ad