PIX 525 Firewall guest dmz needs vpn access to internal access...how?

I have a PIX 525 Firewall with inside interaces, outside interface, then my DMZ interface for my webservers, and 4th interface as my guest network, which is dhcp allowing users connected to it access to the internet only!  From time to time we have internal users using this guest network but they also need to vpn into the internal network to access things on the inside using cisco vpn client, my PIX is also my VPN end point, the outside interface is what accepts these requests.  Is there a way to allow those clients on the guest network dmz to vpn into the internal network on the same device?
LVL 17
Andres PeralesAsked:
Who is Participating?
>my PIX is also my VPN end point, the outside interface is what accepts these requests
Just enable isakmp on the dmz interface as well as the outside, and apply the crypto map to the dmz interface

isakmp enable outside
isakmp enable dmz

crypto map mymap interface outside
crypto map mymap interface dmz

You could create a separate dynmap crypto map for the dmz, but I don't think you have to. You can use the same ip pool and therefore all the other parameters are the same regardless of whether you attach from the outside or from the dmz.

That is what we are trying to get done on the following thread.


It should work the same way as you have it terminating on the outside interface. DMZ is still in a lower security level
after all.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.