Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
1
Replies

PIX 506e VPN from DMZ back to Inside for Wireless

SomeClown
Level 5
Level 5

‎02-22-2006 08:44 PM - edited ‎02-21-2020 02:16 PM

Greetings,

I have an IPSEC VPN set up on a PIX 506e for inbound traffic into the inside of the network. I also have a DMZ set up for wireless, trunked from a 2950. The wireless DMZ works great, and outside access works from both the inside and the DMZ. Inbound VPN works great, but not from a laptop connected wirelessly in the DMZ. The whole point here is to offer wireless clients access to the Internet, but only properly configured VPN clients get access to the internal network.

Any ideas?

Oh, and PAT on the outside, static address. Inside is a 192.168.1.0 and DMZ is 192.168.2.0.

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 6
Level 6

‎02-28-2006 02:08 PM

Add nonat config for the DMZ interface. For example, assume this configuration:

ip address inside 10.1.1.1 255.255.255.0

ip address dmz 172.16.1.1 255.255.255.0

ip local pool vpn_pool 192.168.1.1-192.168.1.254

access-list split_tunnel permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list split_tunnel

Enter these commands:

access-list split_tunnel permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (dmz) 0 access-list split_tunnel

0 Helpful
Customers Also Viewed These Support Documents