04-11-2007 07:46 AM - edited 03-11-2019 02:58 AM
I'm trying to allow ping from the inside to the dmz zone. For this I have configured an ACL allowing all icmp traffic and applied it to the dmz interface, but it doesn't work. What would be the problem?
I have started from the default configuration and added only the following lines:
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 inside security100
nameif ethernet1 dmz security60
access-list dmz_in permit icmp any any
access-list dmz_in permit ip any any
ip address inside 10.29.40.9 255.255.255.0
ip address dmz 192.168.23.14 255.255.255.0
access-group dmz_in in interface dmz
04-11-2007 07:56 AM
Can you pass other traffic to the dmz, besides icmp? If not, this might be a NAT issue. If you don't need NAT from inside -> dmz, use something like the following:
static (inside,dmz) 192.168.1.1 192.168.1.1
where 192.168.1.1 is whatever host is on the inside that you're pinging from.
04-11-2007 09:49 AM
You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network.
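The two suggestions from the replies, applied to the addresses in the original post. This is an added example, not part of any post in the thread. It assumes PIX 6.x syntax (matching the nameif and ip address commands posted), that the whole 10.29.40.0/24 inside network should reach the dmz untranslated, and that dmz hosts do not need to open connections themselves; the narrowed dmz_in entries are an added suggestion. Lines starting with ! are annotations.

```cisco
! Use ONE of option A or option B, not both.

! Option A: identity NAT (the "nat (inside) 0" suggestion).
! Inside hosts keep their real addresses on the dmz side, and
! connections can only be opened from the inside interface.
nat (inside) 0 10.29.40.0 255.255.255.0

! Option B: identity static (the "static (inside,dmz)" suggestion),
! widened here from one host to the inside subnet (assumption).
! Unlike option A, a static also lets dmz hosts open connections
! to inside addresses wherever the ACL on the dmz interface permits.
static (inside,dmz) 10.29.40.0 10.29.40.0 netmask 255.255.255.0

! The posted dmz_in ends with "permit ip any any". Combined with
! option B, that would let any dmz host reach every inside host.
! Replace the broad entries with the ICMP return types ping needs.
! ICMP replies are not matched to the outgoing request here, so
! they must be permitted explicitly on the lower-security interface.
no access-list dmz_in permit icmp any any
no access-list dmz_in permit ip any any
access-list dmz_in permit icmp any 10.29.40.0 255.255.255.0 echo-reply
access-list dmz_in permit icmp any 10.29.40.0 255.255.255.0 unreachable
access-list dmz_in permit icmp any 10.29.40.0 255.255.255.0 time-exceeded
access-group dmz_in in interface dmz

! Flush existing translation slots so the new NAT rules take effect.
clear xlate
```

After applying, `show xlate` and `show access-list dmz_in` (hit counters) indicate whether the translation is being built and whether the echo replies are matching the ACL.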