VPN users unable to access DMZ 1

rubbaninja · Mar 28, 2008

I am using a 5540 to allow vpn users access to our network through the outside interface.
Users cannot access our webdmz interface that resided on the same device.

"ASA-3-305005: No translation group found for tcp src outside:192.168.100.15/1673 dst webdmz:10.72.1.19/80

192 being the address of the VPN client.

All traffic is tunneled

Some config info
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip any 192.168.100.0 255.255.254.0

Let me know if there is something more I should show or not. Thank You

NetworkGhost · Mar 28, 2008

You need a nat 0 statement applied to the DMZ interface.

access-list nonat_dmz permit ip any 192.168.100.0 255.255.254.0
nat (dmzif) 0 access-list nonat_dmz

http://www.wr-mem.com

rubbaninja · Mar 31, 2008

Thanks for the help. Shortly after this I figured it out and that's exactly what I did. I forgot about the "new" packet tracer feature which helped A LOT.

Thanks!

NetworkGhost · Mar 31, 2008

Yeah packet-tracer is great. Alot of the new commands are much more helpful.

http://www.wr-mem.com

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

VPN users unable to access DMZ 1

rubbaninja

MIS

NetworkGhost

IS-IT--Management

rubbaninja

MIS

NetworkGhost

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor