Site to Site VPN with access to remote DMZs
05-15-2006 08:26 AM - edited 02-21-2020 02:24 PM
Hi all,
I have a site to site VPN, with site A being 172.16.1.x and site B being 172.16.2.x.
Site B also has DMZs 192.168.1.x, 192.168.2.x, 192.168.3.x and 192.168.4.x.
The site to site VPN works as expected, but I would like users in site A to be able to reach services in site B's DMZs. I'm just using a host in 192.168.1.x for testing.
I've added the following to site A's nonat and VPN ACLs:
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
I see the hit counts for these rules increment as I attempt to access the test service.
At site B I've then added access for site A's hosts to reach the DMZ hosts:
access-list insidein permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq https
But I never see this hit counter increment when I request an HTTPS page from a host in DMZ1.
What rule have I missed?
Many thanks.
05-19-2006 07:15 AM
06-07-2006 08:27 AM
Sorry, but having read through this, all I see is information on creating various site-to-site VPNs to connect internal networks, which I already have working here.
I didn't see anything regarding accessing the DMZs of the remote PIXs. Did I miss something?
