Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
892
Views
0
Helpful
1
Replies

Firepower site to site vpn from a DMZ to an external site

vicnetnoc
Level 1
Level 1

‎07-30-2019 09:45 PM - edited ‎02-21-2020 09:21 AM

Hi Folks

I am trying to setup a site to site VPN from a DMZ using a internal IP range NATed to an external IP number. Is this possible? I seem to be running into numerous difficulties when attempting to do this. The VPN tunnel is up and the other end can ping my end but I cannot ping to their end. 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-30-2019 10:00 PM

Can you check "show crypto ipsec sa" to confirm the source and destination subnets have valid SAs?

Also check your NAT configuration to make sure you are treating the addresses as intended with respect to NAT.

If that all looks good then try a packet-tracer on the traffic and see how the device expects to handle it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card