dmz across tunnel to remote network
Posted on 2012-09-05
VPN Tunnel between ASA 5510 and 5505.
5510 - Head office
5505 - Branch
Int inside - 100
Int outside - 0
int DMZ - 10
int inside - 100
int outside - 0
My DMZ setup on the 5510 is correct, in that locally from head office we can access the web servers on the DMZ. However, recently I moved a web server from the branch office inside network to the head office DMZ.
The problem now is that when resolving DNS at the branch office, it resolves to an IP address of the head office DMZ that out of the box is not routable. So I went ahead and added the required access lists for "no nat" and interesting traffic to the tunnel, on both firewalls, back and forth, but with no good results.
The dmz has an entry to allow that particular box to talk:
access-list DMZ_access_in extended permit ip host 10.16.13.21 any
So the question is: What else am I missing? Ideas?
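Added example, not part of the original post: the interesting-traffic ACLs on two site-to-site peers have to mirror each other, so one check for the setup described above is to compare them entry by entry. The ACL names, the branch and head office inside subnets, and the DMZ mask are constructed for illustration; only 10.16.13.21 comes from the post.

```python
import ipaddress

# Constructed sample configs; only the DMZ host 10.16.13.21 is from the post.
HQ_CFG = """
access-list VPN_TO_BRANCH extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list VPN_TO_BRANCH extended permit ip host 10.16.13.21 192.168.50.0 255.255.255.0
"""
BRANCH_CFG = """
access-list VPN_TO_HQ extended permit ip 192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN_TO_HQ extended permit ip 192.168.50.0 255.255.255.0 10.16.13.0 255.255.255.0
"""

def take_net(tok):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(config, name):
    """Return the set of (src, dst) networks permitted by extended ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["access-list", name, "extended", "permit", "ip"]:
            continue
        src, rest = take_net(tok[5:])
        dst, _ = take_net(rest)
        pairs.add((src, dst))
    return pairs

def unmirrored(local, remote):
    """Entries in `local` with no swapped (dst, src) counterpart in `remote`."""
    return sorted(p for p in local if (p[1], p[0]) not in remote)

def report(hq_cfg, hq_acl, br_cfg, br_acl):
    """Return the unmatched entries on each side as printable strings."""
    hq, br = parse_acl(hq_cfg, hq_acl), parse_acl(br_cfg, br_acl)
    fmt = lambda pairs: [f"{s} -> {d}" for s, d in pairs]
    return {"hq_only": fmt(unmirrored(hq, br)), "branch_only": fmt(unmirrored(br, hq))}

if __name__ == "__main__":
    # Head office names the DMZ host, the branch names the DMZ subnet: no match.
    for side, gaps in report(HQ_CFG, "VPN_TO_BRANCH", BRANCH_CFG, "VPN_TO_HQ").items():
        print(side, gaps)
```

The same comparison applies to the "no nat" ACLs, since an exemption present for one direction only leaves the return traffic translated.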