Solved: Re: VPN from DMZ interface to Outside interface

craig-mitchell · ‎03-21-2011

Have an ASA 5510. Setting up a new DMZ zone for wireless and it will only have Internet access. Can someone explain the steps to me so that users on this new DMZ subnet can VPN into the Outside interface on the same ASA? Thank you!

Sent from Cisco Technical Support iPhone App

PAUL GILBERT ARIAS · ‎03-21-2011

You can't VPN to the outside interface. The ASA doesn't allow that if you are on the inside or DMZ, you have to be somewhere on the outside to allow VPN to the outside. You could enable the configuration to allow VPN session to the DMZ interface instead.

I hope this helps.

View solution in original post

PAUL GILBERT ARIAS · ‎03-21-2011

You can't VPN to the outside interface. The ASA doesn't allow that if you are on the inside or DMZ, you have to be somewhere on the outside to allow VPN to the outside. You could enable the configuration to allow VPN session to the DMZ interface instead.

I hope this helps.

craig-mitchell · ‎03-22-2011

Okay, so I could just apply the same crypto map that is on my outside interface to this new DMZ interface and then just issue a new pcf file for the clients to use when they are on the DMZ wireless network?

Sent from Cisco Technical Support iPhone App

PAUL GILBERT ARIAS · ‎03-22-2011

That is correct

Sent from Cisco Technical Support iPhone App

craig-mitchell · ‎03-23-2011

One other related question. How could I allow traffic from this new wireless DMZ to access resources that are already being served to the Internet such as a web server. Is there a way to allow this hairpin traffic to exit the ASA and come back in? Thanks.

Sent from Cisco Technical Support iPhone App