DMZ to Remote Site access
Posted on 2011-05-11
In our network we had site 1 connected to site 2 and all the rules were fine. For support of another configuration we had to create a DMZ in Site 1 to separate out a different IP address range. We then created rules on the DMZ interface to allow access back to Site 2 (our home site), but we cannot contact site two with these rules.
We would expect them to work and have similar rules connecting another DMZ to a remote Site, so I believe it may be something simple we have overlooked.
Site 1 and site 2 - Pix 515E
DMZ address 192.168.100.0 255.255.255.0
Site 1 Internal Network 10.2.0.0 255.255.255.0
Site 2 Network 172.16.0.0 255.255.0.0
Rules applied to DMZ Interface in site 1
access-list acl_dmz permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list outside_cryptomap_40 permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
access-list dmz_outbound_nat0_acl permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer remote_Peer
crypto map outside_map 40 set transform-set "removed"
Any Help would be appreciated.
We were also considering whether it is possible to not have access lists on the DMZ, and simply allow all the traffic into the firewall and apply the rules on the outside interface instead.
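Added example, not from the original post: a small checker that walks a DMZ-to-remote flow through the stages the quoted PIX config has to satisfy (interface ACL, nat 0 exemption, local crypto-map match ACL) and, going one step beyond the post, also tests whether the peer's crypto ACL mirrors the DMZ subnet. The site-1 lines are the ones quoted above; the site-2 lines (outside_cryptomap_10, covering only 10.2.0.0/24) are a constructed, hypothetical peer config used to show what a missing mirror entry looks like.

```python
import ipaddress
import re

# Site-1 lines as quoted in the post (the ipsec-isakmp/peer/transform lines are ignored here).
SITE1_CONFIG = """
access-list acl_dmz permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list outside_cryptomap_40 permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
access-list dmz_outbound_nat0_acl permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map outside_map 40 match address outside_cryptomap_40
"""
# Constructed, hypothetical site-2 peer config: its crypto ACL only mirrors the site-1 LAN.
SITE2_CONFIG = """
access-list outside_cryptomap_10 permit ip 172.16.0.0 255.255.0.0 10.2.0.0 255.255.255.0
crypto map outside_map 10 match address outside_cryptomap_10
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
MATCH_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def parse(config):
    """Return (acls by name, crypto-map match ACL names, nat 0 ACL name per interface)."""
    acls, crypto, nat0 = {}, [], {}
    for line in config.strip().splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}")))
        elif m := MATCH_RE.match(line):
            crypto.append(m.group(1))
        elif m := NAT0_RE.match(line):
            nat0[m.group(1)] = m.group(2)
    return acls, crypto, nat0

def permits(acls, name, src, dst):
    """True if some entry of ACL `name` permits src -> dst (unknown ACL permits nothing)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in acls.get(name, []))

def check_path(local_cfg, remote_cfg, iface, iface_acl, src, dst):
    """Each stage a DMZ -> remote packet must pass; a False marks the stage that drops it."""
    acls, crypto, nat0 = parse(local_cfg)
    r_acls, r_crypto, _ = parse(remote_cfg)
    return {
        "interface_acl": permits(acls, iface_acl, src, dst),
        "nat0_exempt": permits(acls, nat0.get(iface, ""), src, dst),
        "local_crypto_match": any(permits(acls, n, src, dst) for n in crypto),
        # the peer's crypto ACL must be the exact mirror image (dst -> src)
        "remote_crypto_mirror": any(permits(r_acls, n, dst, src) for n in r_crypto),
    }
```

Run it with a DMZ host and a site-2 host; every stage on the site-1 side passes with the posted config, so the checker points at whichever stage returns False.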