
VPN between guest DMZ network and inside

Hi guys, I have some issues when I try to establish an AnyConnect VPN client connection from the guest DMZ network to the inside network.

1. When I am connecting from outside, the VPN client connects to the outside interface IP; when connecting from inside, the VPN client connects to the inside IP. Does it mean that when I connect from guest_dmz, the VPN client must connect to the guest_dmz interface IP? For now I cannot connect to the inside network from guest_dmz (or even ping the inside interface IP), and I have permit ip any any on guest_dmz.

2. And I don't need any NAT to exclude NAT for this, right?

3. Should VPN connections go between guestdmz interface-to-inside or guestdmz interface-external-to-inside?

Thank you

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

VPN client is to be connected to the ASA interface where you have the client connecting to the ASA from i.e. as per the routing table.

Normally, it is the Outside interface because of the default route.

You would not be able to connect to the Far End interface on the ASA device as that is not permitted by default and you would not be able to allow that as well.

2) Yes, you won't need any NAT statement for this, as this is not possible to configure.

Normally, VPN clients connect to the Outside interface, and then you can enable access for them to your Inside and DMZ subnets as per your requirement.

Thanks and Regards,

Vibhor Amrodia

"VPN client is to be connected to the ASA interface where you have the client connecting to the ASA from i.e. as per the routing table" So if I connect from guestdmz, the VPN client app needs to establish the connection to the guestdmz interface IP, right?

I use a domain name to connect; where must that domain name be automatically changed to an IP, the DNS server?

For now I used the IP of the guestdmz interface to connect. I connected successfully, but the VPN client gives me a warning that this is an untrusted site. How can I make it trusted?

Thank you
