[c-nsp] ASA5505, Restricted VLAN & VPN

Ryan West rwest at zyedge.com
Wed Sep 16 02:27:02 EDT 2009


Dave,

Have you checked out the logs?  I think you should see your answer there.  Even if the tunnel came up properly, the ASA would still detect that it's coming from the "DMZ VLAN" and drop the connections.  The only option is connections from the inside or outside VLANs into the DMZ VLAN.

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/vlans.html#wp1101628

-ryan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dave Brockman
Sent: Tuesday, September 15, 2009 5:27 PM
To: Cisco Mailing list
Subject: [c-nsp] ASA5505, Restricted VLAN & VPN

I have a client with an ASA5505, base license, currently utilizing the
"restricted" VLAN to provide access to the internet only, across the
"outside" interface.  Is it possible to make a VPN connection from the
restricted VLAN via (I assume) the "outside" interface, and gain
connectivity to the "inside" interface across said VPN?  I've been able
to do similar things with IOS routers in the past, I just can't nail
down from the documentation if this would be allowed on an ASA utilizing
the included restricted VLAN.  


