ASA DMZ, Static NAT, VPN access through internal ip of DMZ

[mikecastdogg]

I have an ASA 5520 setup with both VPN clients and l2l. I have a DMZ setup with static NAT on outside and Inside. Inside clients can reach the DMZ through an internal LAN IP address that has a static map and external users can hit the DMZ via an external address. I need to enable VPN users to be able to access the DMZ through the internal LAN address and I also need internal/VPN users to access the DMZ through its external address.

Is this possible?

 

[brianinms]

1. Could you post a sanitized copy of your configuration?

2.What are you trying to accomplish as there may be a better way?

 

[mikecastdogg]

Brian, I need my vpn clients and remote sites to able to access a dmz server through an address on my internal lan. If i create a static , I can access the dmz through an internal address. The second static mapping allows me to access dmz through external. The problem is vpn clients and sites cannot access dmz + I also need all internal clients to also access the dmz through the external address. I have accomplished this through hairpinning in the past.

Static (dmz,inside)192.168.100.1 172.16.100.1 netmask 255.255.255.255

static (dmz,outside) "public ip" 172.16.100.1 netmask 255.255.255.255