Accessing websites when VPN'd in to our network
Posted on 2012-09-20
We have 2 Cisco ASA 5510's with internet connections running in to each, for each their own purpose. One connection is our primary internet connection for our building (and the majority of our VPN users connect to this ASA) and the other just runs for our web servers, that are running in a DMZ on that ASA and nothing else so as we don't have any slowdown issues related to any other connections.
Our users VPN in to "Internet ASA" and gain access to our internal networks and can see what they need to see but...(and here's the problem) they can not access the web sites that are running through the other Website ASA, when VPN'd. If I do pings or traces to that DMZ subnet, the traffic redirects back out the internet and dies in our providers network. This DMZ network is accessible from inside our network (so users aren't requesting for traffic out through our internet ASA and over to our Website ASA).
I've done some work in the past with CiscoTAC and what I've been told is it's due to security on the interfaces. Basically, when you're coming in through the "outside" interface of the internet ASA (VPN'd connection), in to the inside network and trying to access the DMZ interface of the Website ASA, it is denied because of the security settings of the interfaces.
Is this really the case or would someone have an idea of a work around. I can post configs if it would help but wanted to keep it general for now if someone has an idea on how to best set this up.
Thanks for any help,