Do I maybe need a NAT statement for the DMZ like the one for the inside network? Like Show 0 Likes (0) Actions Join this discussion now: Log in / Register 9. I have tried configuring a static nat as follows static (INSIDE,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 I created an access-list called EXEMPT which permits any any. interface Ethernet0/6 ! weblink
Re: ASA Unable to ping from inside to DMZ Keith Miller Jan 25, 2015 12:08 PM (in response to valentin) I don't see an "any" for your source in your ACL, Better yet, you could also change the Inside's security level to 100 (or really any value more than that of your DMZ, which is currently 50). Show 25 replies 1. threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 188.8.131.52 source outside prefer webvpn ! https://supportforums.cisco.com/discussion/11499071/hosts-inside-cannot-ping-hosts-dmz-why-asa-5505
interface Ethernet0/5 switchport access vlan 5 ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd option 3 ip 192.168.1.1 interface inside dhcpd enable inside ! If not than try it with that corrected also. Events Events Community CornerAwards & Recognition Behind the Scenes Feedback Forum Cisco Certifications Cisco Press Café Cisco On Demand Support & Downloads Community Resources Security Alerts Security Alerts News News Video
I prefer to make the icmp "stateful" by inspecting it, but it is just a matter of taste. /Kvistofta 0 LVL 4 Overall: Level 4 Cisco 4 Hardware Firewalls 1 Drawing picture with TikZ It is possible to define metric spaces from pure topological concepts without the need to define a distance function? ftp mode passive dns domain-lookup inside dns domain-lookup outside dns domain-lookup dmz dns server-group DefaultDNS name-server 184.108.40.206 name-server 220.127.116.11 domain-name mycompanydomain.com access-list out_dmz extended permit icmp any any echo access-list out_dmz https://www.experts-exchange.com/questions/26473245/Can't-Ping-Between-DMZ-And-Inside.html What commands can be used to control GUI buttons?
interface Ethernet0/4 ! why not try these out interface Ethernet0/3 ! interface Vlan1 nameif inside security-level 100 ip address 172.20.48.2 255.255.255.0 ! Here's the situation: I have an ASA5505 with DMZ (10.10.10.X) and Inside (192.168.0.X) Vlans.
Read this from the Cisco help: With the Base license, you can only configure a third VLAN if you use this command to limit it. have a peek at these guys Also, what version of code is your ASA on and what model is it?Regards,Keith Like Show 0 Likes (0) Actions Join this discussion now: Log in / Register 2. Like Show 0 Likes (0) Actions Join this discussion now: Log in / Register 5. interface Vlan1 no nameif no security-level no ip address !
Join the community of 500,000 technology professionals and ask your questions. interface Ethernet0/3 ! Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the check over here share|improve this answer answered May 25 '12 at 2:40 Fahad Alduraibi 1112 add a comment| up vote 0 down vote If you configure "same-security permit inter-interface" and have nat enabled on
Please type your message and try again. 1 2 Previous Next 25 Replies Latest reply: Jan 27, 2015 4:42 AM by Keith Miller ASA Unable to ping from inside to DMZ All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'… Hardware Firewalls How to Monitor Bandwidth using SNMP or WMI What do the logs and the packet-tracer command say?
i thought he was missing source translation from inside to dmz. #fixup protocol icmp should do like Kvistofta mentioned. 0 Message Author Comment by:hachemp2010-09-15 Comment Utility Permalink(# a33682589) Thank you Can dispel magic end a darkness spell? Exciting Jobs Using Cisco Technology Cisco TAC Job Openings Create Your IT Career Create Your IT Career Create Your Career Toolkit & Webinars Internet of Things Webinar Series Women in Networking Join the community Back I agree Powerful tools you need, all for free.
What movie is this? Re: ASA Unable to ping from inside to DMZ valentin Jan 23, 2015 3:19 AM (in response to Keith Miller) Hello I managed to make it work. You can not post a blank message. this content Second, I've also tried the command "same-security-traffic permit inter-interface" without success. –Justin Best Apr 29 '11 at 23:04 1 I notice you don't have any access-lists written to allow traffic