Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Wireless Access Point in DMZ - then connect to VPN 1

Status
Not open for further replies.
u080570

u080570

Technical User
Jul 24, 2003
100
US
I am setting up a wireless network - I am using Cisco Aironet access points placed in our DMZ. My goal is to have my mobile users connect to these access points then use their Cisco VPN clients to connect to our VPN for internal network access.

I have everything working except the last step...my users can connect to the access points, they can get to the internet....I cant get them to connect to the VPN.

I think the problem is the wireless users are being NATed to an address that is on the same network as the VPN connection (they can connect to VPN connection at my other locations - different networks - with no problem).

Im missing something in my VPN connection settings on my firewall - but I havent been able to figure out what...

Any suggestions what to look for?

Thanks,
MM
 
Sort by date Sort by votes
As I see it you can make it work, I have configured something similar for my home network and I don't see why this shouldn't work, I would do the following;

I would setup the AP to be in the DMZ just like you and make sure this segment uses unique IP block.

I would then configure the PIX for VPN client and make sure I enable that on the DMZ interface, I would also make sure that I create unique DHCP pool for the VPN client users, I would then make sure all the NAT and access rules allow users to access the network..


Hope that helps.
 
Upvote 0 Downvote
Without seeing the config - If you have your VPN already working from the outside, all you should need to add is

isakmp enable dmz
and make sure that they are connecting to the interface IP on the DMZ.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Thanks guys!!! I got it working....I didnt have IKE enabled on my DMZ interface - that was all I needed...

Thanks again!
MM
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
1K
Shmid
Shmid
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
809
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
844
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
359
gkittelson
gkittelson

Part and Inventory Search

Sponsor

Back
Top