Hi
We have a VPN server (a router doing L2TP/IPsec) on the DMZ interface, and we want to allow L2TP/IPsec VPN traffic to pass from outside to the DMZ.
My sample config:
object network vpn-router
host 192.168.1.200
nat (dmz,outside) static *.*.*.* (public ip address )
access-list outside-to-in extended permit ip any any (for testing, I allow all traffic in)
access-group outside-to-in in interface outside
access-list mpf extended permit udp any any eq 4500
access-list mpf extended permit udp any any eq 500
access-list mpf extended permit esp any any
access-list mpf extended permit ah any any
class-map mpf-class
match access-list mpf
policy-map global_policy
class mpf-class
inspect ipsec-pass-thru
service-policy global_policy global
BUT:
No VPN clients can connect from outside.
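A verification sequence for this setup on the ASA, added here as an example and not part of the original post. It assumes the same object name (vpn-router) and interface names (outside, dmz) as the post; the public address is written as <public-ip> because the post elides it, and 203.0.113.10 is an assumed test client address. The point is to confirm, step by step, that the static NAT, the inbound ACL and the ipsec-pass-thru inspection each actually apply to IKE (UDP 500), since the inspection opens the ESP/AH pinholes only for an IKE connection it has seen; NAT-T clients use UDP 4500 instead and rely on the ACL alone.

```text
! 1. Is the static NAT installed and translating the right pair of interfaces?
show nat detail
show xlate | include 192.168.1.200

! 2. Is the inspection really applied to the class that matches UDP/500?
show run policy-map global_policy
show service-policy global inspect ipsec-pass-thru

! 3. Walk a simulated IKE packet from an assumed test client (203.0.113.10)
!    to the mapped public address. Every phase must show "ALLOW"; the first
!    "DROP" names the misconfigured piece (NAT, ACCESS-LIST, INSPECT, ...).
packet-tracer input outside udp 203.0.113.10 500 <public-ip> 500 detailed

! 4. Same walk for a NAT-T client (UDP 4500), which does not depend on
!    the ipsec-pass-thru inspection at all.
packet-tracer input outside udp 203.0.113.10 4500 <public-ip> 4500 detailed

! 5. During a real client attempt: does IKE even reach the outside interface,
!    and is a connection built toward the DMZ host?
capture ike interface outside match udp any any eq 500
capture natt interface outside match udp any any eq 4500
show capture ike
show capture natt
show conn protocol udp port 500
show conn address 192.168.1.200
no capture ike
no capture natt
```

If step 3 shows a drop in the NAT phase, the object NAT is not matching (check that the object's host address and the interface pair are right); a drop in the ACCESS-LIST phase means the inbound ACL is not bound where expected; if every phase allows but step 5 shows no packets on the outside interface, the problem is upstream of the ASA (routing or a provider filter on UDP 500/4500), not this configuration.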