09-28-2004 07:51 PM - edited 02-21-2020 01:22 PM
Hi,
My remote VPN access only allows access to the inside segment and not others (e.g. DMZ).
Does anyone have any idea how to do that?
Million Thanks.
09-28-2004 10:32 PM
You should use the nat0 command to grant translation from the dmz area to the VPN pool.
My configuration is as follows:
nat (dmz2) 0 access-list nat0dmz2
access-list nat0dmz2 permit ip any 10.48.5.0 255.255.255.0
(where 10.48.5.0 is the VPN pool)
It should work.
09-28-2004 10:33 PM
You'll have something like the following in your config:
access-list nonat permit ip
nat (inside) 0 access-list nonat
Add the following:
access-list nonatdmz permit ip
nat (dmz) 0 access-list nonatdmz
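
An added example, not part of the original thread: a small Python check that reads a PIX-style configuration and lists the interfaces that have no nat 0 access-list entry covering the VPN pool, which is the gap the replies above close for the dmz. The sample configuration, the assumption that VPN clients terminate on an interface named outside, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed PIX 6.x-style sample; names and addresses are illustrative only.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip local pool vpnpool 10.48.5.1-10.48.5.254
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.48.5.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (dmz) 1 0.0.0.0 0.0.0.0
"""

def _take_net(tok):
    """Consume one address spec ('any', 'host A' or 'NET MASK') from a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def interfaces_missing_exemption(config, vpn_iface="outside"):
    """Return interfaces (other than vpn_iface) with no nat 0 ACL entry whose
    destination covers every 'ip local pool' range. Expects complete ACL entries."""
    ifaces, pools, acl_dsts, nat0 = [], [], {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["nameif"] and len(t) >= 3:
            ifaces.append(t[2])
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            pools.append([ipaddress.ip_address(a) for a in t[4].split("-")])
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) >= 6:
            _, rest = _take_net(t[4:])  # skip the source spec
            dst, _ = _take_net(rest)    # destination is what must cover the pool
            acl_dsts.setdefault(t[1], []).append(dst)
        else:
            m = re.match(r"nat \(([^)\s]+)\) 0 access-list (\S+)", line.strip())
            if m:
                nat0.setdefault(m.group(1), []).append(m.group(2))
    def covered(iface):
        dsts = [d for acl in nat0.get(iface, []) for d in acl_dsts.get(acl, [])]
        return all(any(all(a in d for a in p) for d in dsts) for p in pools)
    return [i for i in ifaces if i != vpn_iface and not covered(i)]
```
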