greentriangle
asked on
Cisco ASA 5505 VPN accessing Inside and DMZ VLAN
We have a terminal that people are accessing via a VPN into the Cisco ASA. The ip address of the ts is 192.168.16.2 (ASA 192.168.16.254). Works fine (users get allocated 192.168.200.x IP address via VPN). However, a site that the users go to is on the same subnet. Thought of getting around it by using a second NIC in the TS, configuring it as 192.168.100.1, setting up DMZ VLan in ASA. Also through TS Host, have configured it for lower colour depth, etc etc. They then can vpn in and access the tserver on 192.168.100.1. I have set it up but cannot access the termianl server on this address. The TS can ping the gateway okay (192.168.100.254). I have included a copy of the config and a diagram of how it is to ber setup.
Thanks,
VPN-Mulitple-Vlans-Conf.txt
Thanks,
VPN-Mulitple-Vlans-Conf.txt
ASKER
Hi. The terminal server is configured as 192.168.16.2. Unfortuanately, there is also a server at the remote site with the same IP address, hence the reason setting up a different address for the TS (192.168.100.1). The NIC is listening okay on 192.168.100.1 and has been configured under TS Host configuration for the external RDP on that IP Address.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fixed internally
I assume that because it was working you were tunnelling all traffic over the VPN which in turn prevented the remote users from being able to see the 192.168.16.0 network at their site?
If all of the above is correct, would it not be possible for you to only tunnel the IP of the terminal server? Assuming it is not in use and required at the remote site?
Failing all of that have you checked the TS config to ensure it is actually listening on the new NIC's IP address? Depending on how it was built it might not be set to listen for connections on all IPs...