ASA5540 Issue

Unanswered Question
Sep 2nd, 2007
User Badges:


we have server on DMZ area (front exchange) which we need to make it able pinging a server on protected lan (and open ssl tunnel) .

the problem is i coudlnt make my server on DMZ area which sec50 able to ping the servere on my protected lan how to do that?

what is wrong in our current configuration

check it put please

: Saved


ASA Version 7.0(6)




enable password xxx




interface GigabitEthernet0/0

nameif OUTSIDE

security-level 0

ip address 62.240.*.* 255.255.*.*


interface GigabitEthernet0/1


security-level 100

ip address 192.168.*.* 255.255.*.*


interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.55.*.* 255.255.*.*


interface GigabitEthernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

ip address



passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list DMZ_access_in extended permit icmp any any

access-list DMZ_access_in remark PINGING

access-list DMZ_access_in extended permit ip any host 10.55.*.*

access-list INSIDELAN_access_in extended permit icmp any any

pager lines 24

logging asdm informational

mtu OUTSIDE 1500

mtu INSIDELAN 1500

mtu DMZ 1500

mtu management 1500

no failover

asdm image disk0:/asdm506.bin

no asdm history enable

arp timeout 14400

global (OUTSIDE) 1 interface

global (DMZ) 1 interface


nat (DMZ) 1

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask

access-group INSIDELAN_access_in in interface INSIDELAN

access-group DMZ_access_in in interface DMZ

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

http server enable

http management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address management

dhcpd lease 3600

dhcpd ping_timeout 50


: end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jon Marshall Sun, 09/02/2007 - 00:21
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Is the server on the protected LAN a 192.168.x.x address ?

If so try changing

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask


static (INSIDELAN,DMZ) 192.168.x.x 192.168.x.x netmask



haifazakr Sun, 09/02/2007 - 01:39
User Badges:

hi my nobel sir

you are such a gift

May God lead you to the best way he knows

thank you sooo much

you deserve to be a acisco expert with honour

thank you


This Discussion