DMZ access over VPN

[hala]

Hi all,

I facing problem in VPN connection between two sites (siteA & siteB)

SiteA Inside network users needs access to SiteB DMZ servers, (Already it has access thru Public IP but our users needs to have access thru Local IP)

Simply to say.. Connection between SiteA inside network to SiteB DMZ Server(Webserver HTTP access only )

Please let me know the command lines to add in the PIX to make it work.

Thanks..

 

[speedingwolf]

I assumed you have the following configurations:

Site A Inside Net: 10.4.0.0

Site B Inside Net: 10.0.0.0

Site B DMZ NET: 192.168.0.0

Problem: Site A, 10.4.0.0. needs to access to Site B's inside and DMZ:

I also assumed you have VPN connectivity between the 2 already setup


ACL

PIX on Site A:

nat (inside) 0 access-list TunnelToSiteB
This say no NAT

This say NAT:
nat (inside) 1 10.4.0.0 255.255.0.0 0 0
global (outside) 1 interface

This line says: Site A to Site B inside network:
access-list TunnelToSiteB line 1 permit ip 10.4.0.0 255.255.0.0 10.0.0.0 255.255.0.0

This line says: Site A to Site' B DMZ

access-list TunnelToSiteB line 2 permit ip 10.4.0.0 255.255.0.0 192.168.0.0 255.255.255.0

Also, don' forget on your PIX on Site B:

route inside 10.4.0.0 255.255.0.0 10.0.0.x (this is the terminated interface of Site B traffic). Either on the PIX or if you have another VPN termination point.

Hope this helps.