02-06-2008 03:02 PM - edited 02-21-2020 03:32 PM
Hi, I was able to migrate my VPN clients off of the VPN 3030 Concentrator and onto the ASA 5520. THe problem I have is now the ASA sees these VPN clients coming from my outside interface and they can't get to the DMZ because I made specific NAT's and rules for the inside. Is there a way to make the VPN client's network seems like it's coming from the inside network?
Solved! Go to Solution.
02-07-2008 03:30 AM
You are welcome Daniel.
Please do not forget to rate the post and choose "resolved my problem" which was helpful and resolved your problem.
Regards
02-06-2008 04:27 PM
Hi Daniel
No, there is no way for making VPN network seems like its coming from inside network, yet you dont need to. All you have to do is specifying NAT entry for DMZ interface for your VPN pool. A common way is exempt nat like following.
access-list dmz_nat0_outbound permit ip yourdmznetwork dmznetmask vpnpool vpnpoolnetmask
nat (DMZ) 0 access-list dmz_nat0_outbound
Regards
02-06-2008 05:02 PM
Thanks husycisco, it's working now!
02-07-2008 03:30 AM
You are welcome Daniel.
Please do not forget to rate the post and choose "resolved my problem" which was helpful and resolved your problem.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide