Dave, Have you checked out the logs. I think you should see your answer there. Even if the tunnel came up properly, the ASA would still detect that it's coming from the "DMZ VLAN" and drop the connections. The only option is connections from the inside or outside VLANs into the DMZ VLAN.
http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/vlans.html#wp1101628 -ryan -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Dave Brockman Sent: Tuesday, September 15, 2009 5:27 PM To: Cisco Mailing list Subject: [c-nsp] ASA5505, Restricted VLAN & VPN I have a client with an ASA5505, base license, currently utilizing the "restricted" VLAN to provide access to the internet only, across the "outside" interface. Is it possible to make a VPN connection from the restricted VLAN via (I assume) the "outside" interface, and gain connectivity to the "inside" interface across said VPN? I've been able to do similar things with IOS routers in the past, I just can't nail down from the documentation if this would be allowed on an ASA utilizing the included restricted VLAN. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/