09-26-2013 06:18 AM - edited 03-11-2019 07:43 PM
Hey all,
I got the following problem:
With the current configuration my VPN clients cannot access the DMZ (inside network is working).
When I add the following nat rule: nat (inside,outside) source static any any destination static VPN_pool VPN_pool
it works, but now the server in the DMZ cannot access server in the internal network.
What can I do?
Thanks in advance.
09-26-2013 06:24 AM
Hi,
I would suggest specifying the actual source networks behind the "inside" and "dmz" interfaces in the NAT configuration instead of using "any".
If you actually have a "dmz" interface then you naturally have to make a NAT configuration for it too for the connections from VPN Clients to work.
Let's say we have network 10.0.0.0/24 on the "inside" and network 192.168.0.0/24 on the "dmz".
Then the VPN related NAT configuration might look something like this:
object network INSIDE
 subnet 10.0.0.0 255.255.255.0
object network DMZ
 subnet 192.168.0.0 255.255.255.0
nat (inside,outside) source static INSIDE INSIDE destination static VPN_pool VPN_pool
nat (dmz,outside) source static DMZ DMZ destination static VPN_pool VPN_pool
It's naturally also possible that some other NAT configuration is causing problems here.
But presuming other configurations on the firewall are correct, the above NAT configurations should be the correct ones for VPN access.
- Jouni
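An added example, not part of the thread and not Cisco tooling: a small Python check that applies the advice in the reply above to a list of NAT lines, flagging identity NAT rules toward the VPN pool that use "any" as the source and interfaces that have no such rule at all. The function name `audit_vpn_nat` is hypothetical, and the sample configurations are constructed from the rules quoted in the posts.

```python
import re

# Twice-NAT rule in the form quoted in the thread (ASA 8.3+ syntax):
#   nat (real_if,mapped_if) source static A A destination static B B
RULE = re.compile(
    r"^nat \((?P<src_if>[^,]+),(?P<dst_if>[^)]+)\) (?:after-auto )?(?:\d+ )?"
    r"source static (?P<real>\S+) (?P<mapped>\S+) "
    r"destination static (?P<dreal>\S+) (?P<dmapped>\S+)")

def audit_vpn_nat(config, pool, interfaces):
    """Return findings about identity NAT rules toward the VPN pool object."""
    findings, seen = [], set()
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m or m["dreal"] != pool or m["dmapped"] != pool:
            continue  # not a rule toward the VPN pool
        if m["real"] != m["mapped"]:
            continue  # source is translated, so not an identity rule
        seen.add(m["src_if"])
        if m["real"] == "any":
            findings.append(f"{m['src_if']}: source is 'any'; use the subnet object")
    for ifc in interfaces:
        if ifc not in seen:
            findings.append(f"{ifc}: no identity NAT rule toward {pool}")
    return findings

# Constructed sample: the rule from the first post, and the reply's suggestion.
ORIGINAL = "nat (inside,outside) source static any any destination static VPN_pool VPN_pool"
SUGGESTED = """\
nat (inside,outside) source static INSIDE INSIDE destination static VPN_pool VPN_pool
nat (dmz,outside) source static DMZ DMZ destination static VPN_pool VPN_pool
"""

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, audit_vpn_nat(cfg, "VPN_pool", ["inside", "dmz"]))
```

Interface names are compared exactly as written, so pass them in the same case the configuration uses.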
09-26-2013 11:10 PM
Hey Jouni,
Still have the same problem.
Enclosed my NAT configuration:
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
nat (DMZ,outside) source static DMZ DMZ destination static VPN-POOL VPN-POOL
nat (DMZ,outside) static x.x.x.x
nat (DMZ,outside) static x.x.x.x
some more statics
nat (inside,outside) dynamic OUTSIDE_Addresses