08-13-2020 08:33 AM
Is it not possible to have a DMZ interface when using Easy VPN?
08-13-2020 09:03 AM
Hi,
Yes, no reason why not on older software versions. However, Easy VPN is EOL and no longer supported.
https://www.cisco.com/c/en/us/obsolete/security/cisco-easy-vpn.html
HTH
08-13-2020 09:22 AM
Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)
Brand new unit; Easy VPN is still there and works fine.
I've been using it for years, but this is the first time I've had a requirement for a DMZ interface also.
packet-tracer input DMZ tcp 192.168.206.101 12345 209.244.0.3 53
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop x.x.x.x using egress ifc outside
Phase: 2
Type: NAT
Subtype:
Result: ALLOW
Config:
object network OBJ-NAT-DMZ
nat (DMZ,outside) dynamic interface
Additional Information:
Dynamic translate 192.168.206.101/12345 to x.x.x.x/12345
Phase: 3
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:
Result:
input-interface: DMZ
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
08-13-2020 09:58 AM
08-13-2020 10:01 AM
08-13-2020 10:04 AM