ASA5540 Issue

Unanswered Question
Sep 2nd, 2007

Hi

We have a server in the DMZ area (front exchange) which we need to be able to ping a server on the protected LAN (and open an SSL tunnel).

The problem is I couldn't make my server in the DMZ area, which is sec50, able to ping the server on my protected LAN. How to do that?

What is wrong in our current configuration?

Check it out please.

: Saved
:
ASA Version 7.0(6)
!
hostname VOOASAGATE
domain-name xxx.com
enable password xxx
names
dns-guard
!
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 62.240.*.* 255.255.*.*
!
interface GigabitEthernet0/1
 nameif INSIDELAN
 security-level 100
 ip address 192.168.*.* 255.255.*.*
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.55.*.* 255.255.*.*
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 172.16.0.1 255.240.0.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in remark PINGING
access-list DMZ_access_in extended permit ip any host 10.55.*.*
access-list INSIDELAN_access_in extended permit icmp any any
pager lines 24
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDELAN 1500
mtu DMZ 1500
mtu management 1500
no failover
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
global (DMZ) 1 interface
nat (INSIDELAN) 1 0.0.0.0 0.0.0.0
nat (DMZ) 1 0.0.0.0 0.0.0.0
static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255
access-group INSIDELAN_access_in in interface INSIDELAN
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.240.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 172.16.0.2-172.16.0.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:xxx
: end

Jon Marshall Sun, 09/02/2007 - 00:21

Hi

Is the server on the protected LAN a 192.168.x.x address?

If so try changing

static (INSIDELAN,DMZ) 10.55.*.* 192.168.*.* netmask 255.255.255.255

to

static (INSIDELAN,DMZ) 192.168.x.x 192.168.x.x netmask 255.255.255.255

HTH

Jon
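
An added example, not part of the reply above or of the poster's configuration: the identity static suggested in the reply, followed by a DMZ access list narrowed to the two flows the question asks for. The host addresses 10.55.0.10 (DMZ server) and 192.168.1.20 (inside server) are constructed because the page masks the real ones, and tcp/443 is an assumption for the SSL tunnel.

```cisco
! Added example. Constructed addresses (the page masks the real ones):
!   DMZ server    10.55.0.10
!   inside server 192.168.1.20
! Assumption: the SSL tunnel runs over tcp/443.

! 1. Identity static: the inside server is reachable from the DMZ under its
!    own address. Remove the existing static (INSIDELAN,DMZ) entry first,
!    using the "no" form of the line exactly as it appears in the config.
static (INSIDELAN,DMZ) 192.168.1.20 192.168.1.20 netmask 255.255.255.255

! Flush stale translations so the new static takes effect.
! Note: this clears all xlates and drops connections that use them.
clear xlate

! 2. The DMZ ACL is matched against the address as seen on the DMZ side,
!    which is now 192.168.1.20. Permit only ping and the tunnel, and only
!    from the one DMZ server.
access-list DMZ_access_in extended permit icmp host 10.55.0.10 host 192.168.1.20 echo
access-list DMZ_access_in extended permit tcp host 10.55.0.10 host 192.168.1.20 eq https

! 3. Once the specific rules are confirmed working, remove the broad one.
!    The "permit ip any host 10.55.*.*" line can be removed the same way.
no access-list DMZ_access_in extended permit icmp any any

! 4. Echo replies leave through INSIDELAN, which has its own ACL applied.
!    The posted "permit icmp any any" already covers them; this is the
!    narrower equivalent. TCP return traffic is stateful and needs no rule.
access-list INSIDELAN_access_in extended permit icmp host 192.168.1.20 host 10.55.0.10 echo-reply

! 5. Verify the translation and watch the hit counters while testing.
show xlate
show access-list DMZ_access_in
```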

haifazakr Sun, 09/02/2007 - 01:39

Hi my noble sir

You are such a gift

May God lead you to the best way he knows

Thank you sooo much

You deserve to be a Cisco expert with honour

Thank you

