
IPSec access over PIX inside interface

zroth
Level 1

Hi all,

I need advice with the following problem.

I have a PIX 515E, version 6.3(3), with 3 interfaces: inside, DMZ and outside. Is it possible to access the DMZ over the inside interface with IPSec from the Cisco VPN client? IPSec makes a tunnel, the client has a new address from the address pool, but in the log I have a message "No translation found etc." when I try to reach any device in the DMZ. The reason seems to be with nat (dmz) 0, which should be from DMZ to inside (security 50 to security 0). Even if I use nat (dmz) 0 access-list remote outside it does not work. Any hints?

Thanks

Zdenek


3 Replies

ciscokrishna
Level 1
Accepted Solution

Hi,

Can you check if you are able to access the DMZ from inside? If yes, then you should be able to access the DMZ from the remote connection. This is because, once the VPN client gets an IP address from the inside pool, it is as good as being in your inside LAN. You can try putting in inside-to-DMZ NATting... I mean to say, put that nat 0 command for inside to DMZ... this will allow access to the DMZ machines from inside.

zroth
Level 1

Hi,

I would like to thank you. My client received an IP address from the local pool, let us say 192.168.30.1, and wanted to connect to the server 172.20.2.2 in the DMZ. I configured nat (dmz) 0 access-list test outside, with access-list test perm ip host 172.20.2.2 host 192.168.30.1. No traffic. Then I configured nat (inside) 0 access-list nonat, where access-list nonat was perm ip host 192.168.30.1 host 172.20.2.2, and suddenly everything is OK.

Thanks a lot.

Zdenek
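The configuration the thread converges on, written out as one complete PIX 6.3 fragment. This is an added example, not configuration posted by either participant. The DMZ server 172.20.2.2 and the first pool address 192.168.30.1 come from the posts; the interface names, the 192.168.30.0/24 pool range, the vpngroup name "remote", the ISAKMP/IPsec parameters and the split-tunnel list are assumptions chosen to make the fragment self-contained. The NAT exemption is bound to the inside interface, as reported working above, and is widened from a host-to-host entry to the whole client pool.

```cisco
! Added example (not from the thread): PIX 6.3 fragment for VPN-client access to one DMZ host.
! Interface names, the pool range, the vpngroup name and the crypto parameters are assumptions.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

! Address pool handed to Cisco VPN Clients (constructed range containing the thread's 192.168.30.1)
ip local pool vpnpool 192.168.30.1-192.168.30.254

! NAT exemption bound to the inside interface, as reported working in the thread,
! widened from host/host to the whole pool and the single DMZ server 172.20.2.2
access-list nonat permit ip 192.168.30.0 255.255.255.0 host 172.20.2.2
nat (inside) 0 access-list nonat

! Ordinary PAT for everything else leaving the inside and DMZ interfaces
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Decrypted IPsec traffic bypasses the outside interface access-list
sysopt connection permit-ipsec

! Phase 1 / Phase 2 for remote-access clients (dynamic crypto map, since client addresses are unknown)
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set strong
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside

! VPN Client group: hand out the pool and tunnel only traffic for the DMZ server
access-list split permit ip host 172.20.2.2 192.168.30.0 255.255.255.0
vpngroup remote address-pool vpnpool
vpngroup remote split-tunnel split
vpngroup remote idle-time 1800
vpngroup remote password <group-preshared-key-placeholder>
```

After a client connects, `show access-list` should show the hit counter on the nonat entry climbing and `show crypto ipsec sa` should show encrypted and decrypted packet counts for the client's SA; if the 305005 "No translation group found" message still appears in the syslog, the flow is not matching the exemption list. Because `sysopt connection permit-ipsec` lets decrypted tunnel traffic bypass the outside interface access-list, keeping the nonat and split-tunnel lists scoped to the single DMZ host is what limits what a connected client can reach.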

ciscokrishna
Level 1

Cool... thanks for the rating. Happy networking.