VPN to DMZ and various issues

i716
Level 1

Hello,

I have an ASA 5505 with Security Plus license.

There are currently 3 interfaces set up: outside, inside and dmz.

The dmz consists of a few virtual machines and one AP for a guest network (via VLAN on an Icom AP90M AP). Everything was working fine so far.

Now I have created a new VPN user group with access only to the DMZ. Connection worked fine immediately but the connected user can not access any resources inside the DMZ.

So I searched the internet and found advice that, by creating an additional NAT rule, it should work. And yes, by adding the rule that is disabled in the screenshot below and activating it, the VPN to DMZ connection works, but the guest network doesn't get an IP any longer. How can I get both the VPN and the guest network working?

[Screenshot: asa001.png]

2 Replies

Hello

Where do the guest users obtain their addressing?

Can you elaborate a little on the topology?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul,

Thanks for your message.

A little bit about the current topology:

Device is an ASA 5505 with security plus license.

Currently has 3 interfaces (Inside, Outside, DMZ)

Inside Network is 192.168.1.1, DMZ is 192.168.2.1

Guest Wifi and some VMs are on the DMZ network.


I would like a configuration where I can access the DMZ from Inside (should be possible because the security level is lower - and it even worked yesterday but working suddenly today)

I can VPN to the main network and access all resources. As expected. But the same does not always work with the DMZ. The issue here is that I can contact the server but sometimes (now always) get an "Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:192.168.2.50/50158(LOCAL\(USERNAMEHERE)) dst inside:192.168.1.102/5358 denied due to NAT reverse path failure".
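The NAT exemption approach discussed in both posts above, as an added example that is not the poster's configuration or Cisco's: an ASA 8.4+ twice-NAT identity rule scoped to the VPN pool only, followed by the packet-tracer checks that expose an asymmetric NAT match. The object names and the 10.10.10.0/24 VPN pool are placeholders; the 192.168.2.0/24 DMZ is as described in the thread.

```cisco
! Added example, not the poster's running config. Object names and the
! VPN pool 10.10.10.0/24 are placeholders; DMZ 192.168.2.0/24 is from the thread.
!
! Define the two real networks (ASA 8.3+ object-based NAT syntax).
object network DMZ_NET
 subnet 192.168.2.0 255.255.255.0
object network VPN_POOL
 subnet 10.10.10.0 255.255.255.0
!
! Twice NAT (section 1, line 1, so it is evaluated before any broader rule):
! traffic between DMZ_NET and VPN_POOL keeps its real addresses in both
! directions, so forward and reverse flows match the same rule and the
! "NAT reverse path failure" denial does not occur.
! Scoped to the VPN pool only, so other DMZ flows such as guest DHCP on the
! AP VLAN are not caught by it. route-lookup picks the egress interface from
! the routing table rather than from the NAT rule.
nat (dmz,outside) 1 source static DMZ_NET DMZ_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
!
! Check both directions: each run shows the NAT rule the flow hits. If the two
! runs hit different rules, that is the asymmetric case the syslog reports.
packet-tracer input outside tcp 10.10.10.5 50158 192.168.2.50 443 detailed
packet-tracer input dmz tcp 192.168.2.50 443 10.10.10.5 50158 detailed
!
! Confirm the new rule is the one accumulating hits.
show nat detail
```

Identity NAT only fixes address handling; limiting the VPN group to the DMZ is still the job of that group's vpn-filter or split-tunnel ACL, which this example does not replace.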
