Cisco ASA 5510 issue

Unanswered Question
Jul 18th, 2007

Hi,


I have a Cisco ASA 5510, which has 4 interfaces and one management interface.


Please go through the following interface configuration, NAT and access-list. I have a PC connected to the DMZ switch whose IP address is 172.16.1.100/24.


And I have another PC connected to the inside zone whose IP address is 192.168.100.100, which is natted to 172.16.2.1 for DMZ-to-inside communication.


Now the issue is that I am not able to ping (172.16.2.20) the PC (private IP is 192.168.100.100, natted IP 172.16.2.20) from the DMZ zone PC (from 172.16.1.100).

Please help me to resolve the issue.


configuration details:


interface Ethernet0/0
 nameif outside
 speed 100
 duplex full
 security-level 0
 ip address 10.20.158.32 255.255.0.0
 no shut

interface Ethernet0/1
 nameif inside
 security-level 100
 speed 100
 duplex full
 ip address 192.168.100.1 255.255.255.0
 no shut

interface Ethernet0/2
 nameif dmz
 security-level 50
 speed 100
 duplex full
 ip address 172.16.1.2 255.255.255.0
 no shut

route Outside 0.0.0.0 0.0.0.0 10.20.0.1
nat (inside) 1 192.168.100.0 255.255.255.0 0 0
global (outside) 1 interface
static (inside,DMZ) 172.16.2.20 192.168.100.100 netmask 255.255.255.255
access-list DMZtoInside extended permit ip host 172.16.1.100 host 172.16.2.20
access-group DMZtoInside in interface DMZ


Then troubleshooting by issuing clear xlate, then try pinging... but not pinging. From the ASA prompt I am able to ping both the inside interface IP and the DMZ interface IP, and both zone PCs, but not able to ping between the PCs.


Please help me to resolve the issue.


Thanks and Regards,


S.Venkataraman

acomiskey Wed, 07/18/2007 - 10:19

You must allow icmp in your acl.


access-list DMZtoInside extended permit icmp host 172.16.1.100 host 172.16.2.20


Please rate helpful posts.
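
An added example, not part of the thread and not Cisco tooling: a small Python check over lines taken from the posts above (embedded as constructed input) that applies first-match ACL evaluation to the DMZtoInside entries and tests whether the static's mapped address sits on the dmz interface's subnet. The function names are hypothetical, and the parser only understands the `host A host B` ACL form used in this thread.

```python
import ipaddress
import re

# Constructed input: a subset of the configuration posted in this thread,
# plus the ACL entry suggested in the reply.
CONFIG = """\
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.1.2 255.255.255.0
static (inside,DMZ) 172.16.2.20 192.168.100.100 netmask 255.255.255.255
access-list DMZtoInside extended permit ip host 172.16.1.100 host 172.16.2.20
access-list DMZtoInside extended permit icmp host 172.16.1.100 host 172.16.2.20
"""

def parse_acl(config, name):
    """Return (action, protocol, src, dst) for each 'host A host B' entry, in order."""
    pat = re.compile(
        rf"^access-list {re.escape(name)} extended (permit|deny) (\S+) host (\S+) host (\S+)",
        re.M)
    return [m.groups() for m in pat.finditer(config)]

def acl_decision(entries, proto, src, dst):
    """First match wins; 'ip' matches every IP protocol; no match is the implicit deny."""
    for number, (action, p, s, d) in enumerate(entries, 1):
        if p in ("ip", proto) and (s, d) == (src, dst):
            return action, number
    return "deny", None

def static_mapped_check(config):
    """Compare the static's mapped address with the mapped interface's own subnet."""
    _real_if, mapped_if, mapped_ip, _real_ip = re.search(
        r"^static \((\w+),(\w+)\) (\S+) (\S+)", config, re.M).groups()
    # Match the interface name case-insensitively: the post writes both dmz and DMZ.
    addr, mask = re.search(
        rf"nameif {mapped_if}\b.*?ip address (\S+) (\S+)", config, re.I | re.S).groups()
    network = ipaddress.ip_interface(f"{addr}/{mask}").network
    return mapped_ip, str(network), ipaddress.ip_address(mapped_ip) in network

if __name__ == "__main__":
    acl = parse_acl(CONFIG, "DMZtoInside")
    print(acl_decision(acl, "icmp", "172.16.1.100", "172.16.2.20"))
    print(acl_decision(acl, "tcp", "172.16.1.50", "172.16.2.20"))
    # False in the last field means the mapped address is off the DMZ subnet, so
    # DMZ hosts reach it only by sending it to the ASA (default gateway or a route).
    print(static_mapped_check(CONFIG))
```

The second field of each ACL result is the number of the matching entry, or `None` when the packet falls through to the implicit deny at the end of the list.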

