Site to Site VPN with access to remote DMZs

jamescork
Level 1

Hi all,

I have a site to site VPN, with site A being 172.16.1.x and site B being 172.16.2.x.

Site B also has DMZs 192.168.1.x, 192.168.2.x, 192.168.3.x and 192.168.4.x.

The site to site VPN works as expected, but I would like users in site A to be able to reach services in site B's DMZs. I'm just using a host in 192.168.1.x for testing.

I've added the following to site A's nonat and VPN ACLs:

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list 101 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0

I see the hit counts for these rules increment as I attempt to access the test service.

At site B I've then added access for site A's hosts to reach the DMZ hosts:

access-list insidein permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq https

But I never see this hit counter increment when I request an HTTPS page from a host in DMZ1.

What rule have I missed?

Many thanks.

2 Replies

Sorry, but having read through this all I see is information on creating various site-to-site VPNs to connect internal networks - which I already have working here.

I didn't see anything regarding accessing the DMZs of the remote PIXs, did I miss something?
