Let me try to explain in another way: I think you have 2 different ways to do this.

One where you terminate the VPN on the LAN and open access to the DMZ from the LAN by the use of access rules (if you are not using the default, in which case it will be open from LAN->DMZ as far as I remember).

Second, you can choose to terminate the VPN tunnel on both LAN and DMZ by the use of the advanced option.

Both require the definition of the DMZ IP as a destination network on the SA. If you can skip NAT on DMZ in example one, I'm not sure, but you must use NAT on DMZ for example 2, and I know, because I'm running this setup myself.

To add to the confusion, I actually think you have to add a "bounce" router on the LAN in example one, to route traffic out from the LAN port and back again, to the LAN and from there to the DMZ. This would be due to the fact that the VPN tunnel is terminated at the LAN and the SonicWALL will not be able to route traffic back into itself again (I would like to state "I think", so my head is on the line here).

/jesper

-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: 1. October 2002 17:37
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- VPN to DMZ

>Also remember to create access lists which, IMHO, only work in firmware v.6.3.x.x onwards.

Lost me there. Do you mean access rules? Are those needed for traffic running through a VPN?

>DMZ must be configured with NAT enabled.

DMZ have public IP addresses.

>An alternative could be to use the "Terminate VPN at LAN and DMZ" option at the Advanced button on the VPN config page.

OK, did that on the PRO 100 at corporate office, but how does the remote office know to send DMZ traffic through the VPN if it does not have the DMZ network defined in Destination Networks? Or are you saying to define it in the Destination Networks on the Remote and check that box on the Corporate?

John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

---
[This E-mail scanned for viruses by Declude/F-Prot AV]

========================================================================
To unsubscribe, send email to [EMAIL PROTECTED]
In the body of the email put the following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
