
VPN, Routers and DMZ oh my - Help !!!

michael.steiner
Level 1

We have several remote offices that connect back to corporate via VPN tunnel, using a 3002 hardware client at the remote sites that connects to a 3005. The IP space at the remote offices is 10.6.x.x. The IP space at corporate is 10.5.4.x. Users at remote sites can get to everything here and at other remote sites.

We installed a DMZ here at corporate in the 192.168.1.x space and placed web servers, etc. in it. Here at corp. we can get to the DMZ devices from our workstations; however, the remote sites cannot. Also, if I come in from home via the software VPN client, I cannot get to the DMZ devices.

I am hoping that this is something that can be fixed?

Can anyone help a poor Windows 2000 admin pretending to be a Cisco admin? :)

Thanks

2 Replies

JUSTIN LOUCKS
Level 1

I'm another Win2k admin pretending to be a Cisco admin so maybe this will make sense.

I would try performing a traceroute from one of the clients to a device in the DMZ first and foremost to see where the last successful hop was. Also, you may need to check the default gateway of the 3005 to ensure that it is forwarding all unknown traffic to a router that has static routes to direct traffic to the DMZ subnet. Lastly, does the DMZ router interface have a static route to get back to the 10.6.x.x subnet?

Hope this helps somewhat. I know that troubleshooting problems on the 3005 hardware is not fun...I prefer something with an IOS.

aaronkent
Level 1

You have to add routes from the VPN to the DMZ, etc...

Have you implemented split tunneling? Obviously it works to 10.5.4.x, so just do the same thing for the 192.168.1.x, but if there is no direct hop, you have to tinker, and if you go through a firewall, make sure it knows how to respond.
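
Added example, not part of the thread or any poster's configuration: a small Python model of the three checks raised in the replies above (is the DMZ subnet in the list of networks sent through the tunnel, is there a route from the concentrator to the DMZ, and is there a route from the DMZ back to 10.6.x.x). The /16 and /24 masks, the device names and the route tables are constructed assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over {cidr: next_hop}; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), hop) for c, hop in routes.items()
               if addr in ipaddress.ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` toward `dst`; returns (path, outcome)."""
    path = [start]
    while len(path) <= max_hops:
        hop = lookup(tables.get(path[-1], {}), dst)
        if hop is None:
            return path, "no route on " + path[-1]
        if hop == "connected":   # directly attached subnet or the VPN tunnel itself
            return path, "delivered"
        if hop in path:
            return path + [hop], "routing loop"
        path.append(hop)
    return path, "hop limit reached"

def diagnose(tables, tunnel_list, client, server):
    """Check the tunnel network list, the path to the DMZ, and the path back."""
    findings = []
    target = ipaddress.ip_address(server)
    if not any(target in ipaddress.ip_network(n) for n in tunnel_list):
        findings.append(f"{server} is not in the tunnel network list")
    for label, start, dst in (("forward", "concentrator", server),
                              ("return", "dmz-fw", client)):
        path, outcome = trace(tables, start, dst)
        if outcome != "delivered":
            findings.append(f"{label} path {' -> '.join(path)}: {outcome}")
    return findings

# Constructed topology (assumption): masks and device names are not from the thread.
BROKEN = {
    "concentrator": {"10.6.0.0/16": "connected", "0.0.0.0/0": "core-router"},
    "core-router": {"10.5.4.0/24": "connected", "192.168.1.0/24": "dmz-fw"},
    "dmz-fw": {"192.168.1.0/24": "connected", "0.0.0.0/0": "core-router"},
}
# Same tables plus a static route on the core router back to the remote offices.
FIXED = dict(BROKEN, **{"core-router": dict(BROKEN["core-router"],
                                            **{"10.6.0.0/16": "concentrator"})})

if __name__ == "__main__":
    for name, tables, nets in (("broken", BROKEN, ["10.5.4.0/24"]),
                               ("fixed", FIXED, ["10.5.4.0/24", "192.168.1.0/24"])):
        print(name, diagnose(tables, nets, "10.6.1.20", "192.168.1.10") or "reachable")
```

In the broken tables the forward path succeeds while the reply dies at the core router, which is the asymmetric case a traceroute from the client alone will not explain.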
