11-14-2003 03:22 PM - edited 02-21-2020 12:52 PM
I'd like to know whether it's possible to have a VPN tunnel ending on a DMZ interface rather than the inside interface of a 3-way PIX. All configuration examples I found route the traffic from the VPN client somewhere on the internet to the inside interface of the PIX. I tried a nonat access-list from DMZ to VPN client, but that does not work. I think because the VPN traffic goes to the highest security interface per definition. Am I right?
11-15-2003 12:25 PM
You can have VPN tunnels to all PIX interfaces and every interface can be configured individually, but isakmp must be enabled per interface and a valid crypto map must be applied, together with vpngroup commands and an isakmp policy. For further information you should describe your scenario in more detail: where are the VPN clients, on the DMZ, or are they on the outside and you need to give them access to the DMZ, protecting the traffic with IPsec?
Bye
11-16-2003 11:29 AM
Hi,
What I want is a VPN tunnel between my VPN Windows client somewhere on the internet and the outside interface of my PIX. I then want the traffic to go NOT to the inside interface, but to the DMZ interface (outside: lowest security, inside: highest security). My DMZ has a private address range.
Regards,
Sjouke
11-22-2003 05:32 PM
hi,
you can do this by using (nat 0 dmz x.x.x.x y.y.y.y)
11-22-2003 06:10 PM
Hi,
I did this and it works fine. What is the method to reduce the clients' access to the DMZ, or the inside for that matter? Should I use the access-list inout on interface inside, or the access-list outin on interface outside, or the nonat list to get this done? (Say I only want the client to access a machine on the central LAN through a telnet session.) I've tried several things with the nonat list, but then I don't get the traffic through anymore.
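The DMZ-terminated remote-access setup discussed in this thread, as an added example PIX 6.x configuration fragment (not taken from any poster): the client pool is exempted from NAT on the dmz interface only, and the decrypted traffic is made subject to the outside interface access-list so the clients can be limited to the one permitted flow. All addresses, names and the pool range are assumed placeholders.

```cisco
! Interfaces (placeholder addresses); dmz is a private range, as in the thread
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.10.1 255.255.255.0

! Address pool handed to VPN clients (assumed range)
ip local pool vpnpool 192.168.100.1-192.168.100.50

! NAT exemption on the dmz interface only: dmz hosts <-> VPN pool keep real addresses.
! No matching nat 0 on inside, so inside hosts are not exposed through the tunnel.
access-list nonat_dmz permit ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz

! Phase 1: isakmp is enabled per interface; the clients terminate on outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! Client group: pool, split-tunnel list (reusing the dmz ACL) and group key (placeholder)
vpngroup dmzusers address-pool vpnpool
vpngroup dmzusers split-tunnel nonat_dmz
vpngroup dmzusers idle-time 1800
vpngroup dmzusers password CHANGEME

! Phase 2: dynamic crypto map for clients with unknown peer addresses, applied to outside
crypto ipsec transform-set dmzset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set dmzset
crypto map outside_map 10 ipsec-isapmp dynamic dynmap
crypto map outside_map client configuration address respond
crypto map outside_map interface outside

! Restriction: with "sysopt connection permit-ipsec" decrypted tunnel traffic bypasses
! interface ACLs. Leaving it out makes the outside ACL apply, so only the listed flow
! (pool -> one placeholder DMZ host on telnet) is allowed; everything else is dropped.
no sysopt connection permit-ipsec
access-list outin permit tcp 192.168.100.0 255.255.255.0 host 192.168.10.20 eq telnet
access-group outin in interface outside
```

The outside ACL is the lever the last post asks about: tighten or widen the `outin` entries rather than the nonat list, which only controls NAT exemption and, here, split tunnelling.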