SJCA
asked on
remote access from SSL VPN to DMZ?
Hi Experts,
I have a cisco ASA firewall which also has DMZ on it. My SSL VPN appliance and web server are in DMZ network. My PC is on 'inside' network. From my local computer at work, I can RDP to my web server in DMZ. I also can remote from home thru SSL VPN to my computer at work but can't RDP to web server in DMZ. I guess it's possible an ACL that I need to add into ASA but can't think of anything at this point.
My PC's IP: 10.10.12.25
My web server: 173.28.25.x (public ip)
My SSL VPN: 173.28.25.y (public ip)
Any susggestions? Thanks a lot.
I have a cisco ASA firewall which also has DMZ on it. My SSL VPN appliance and web server are in DMZ network. My PC is on 'inside' network. From my local computer at work, I can RDP to my web server in DMZ. I also can remote from home thru SSL VPN to my computer at work but can't RDP to web server in DMZ. I guess it's possible an ACL that I need to add into ASA but can't think of anything at this point.
My PC's IP: 10.10.12.25
My web server: 173.28.25.x (public ip)
My SSL VPN: 173.28.25.y (public ip)
Any susggestions? Thanks a lot.
ArneLovius
a suitably sanitised copy of the current config would be useful
ASKER
Hi There,
Unfortunately, I can't post the config file up here for security purposes. I drew a visio map and hope that would help you and everyone else to understand what I'm trying to do. Please feel free to ask if it isn't clear.
Note: I put myself as a Vendor who needs to go to SSL VPN and RDP to the web server.
Unfortunately, I can't post the config file up here for security purposes. I drew a visio map and hope that would help you and everyone else to understand what I'm trying to do. Please feel free to ask if it isn't clear.
Note: I put myself as a Vendor who needs to go to SSL VPN and RDP to the web server.
I understand what you are trying to do, but it would be imprudent of me to suggest ACL or NAT/PAT rule changes without knowing what the existing ACL and NAT/PAT rules are.
perhaps this might be of use for sanitising the config
https://www.experts-exchange.com/Hardware/Networking_Hardware/A_10296-How-to-sanitise-a-Cisco-config-for-Experts-Exchange.html
perhaps this might be of use for sanitising the config
https://www.experts-exchange.com/Hardware/Networking_Hardware/A_10296-How-to-sanitise-a-Cisco-config-for-Experts-Exchange.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Found the solution myself. Thanks.